skills/seangjr/product-skills/update/Gen Agent Trust Hub

update

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected within the skill's instructions.
  • [COMMAND_EXECUTION]: Uses local shell commands (git, grep, linear) to extract project metadata and technical debt markers. These operations are standard for development tools and are used here to derive project status metrics.
  • [EXTERNAL_DOWNLOADS]: Refers users to the well-known Linear CLI GitHub repository (schpet/linear-cli) for installation if the tool is missing. The skill does not automate the download or execution of this external code, maintaining user control.
  • [DATA_EXFILTRATION]: While the skill reads project data and Linear issue descriptions, it only processes this information to generate local summaries and WhatsApp message templates for the user. No network operations to external or unknown domains were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from git logs and Linear issues (Category 8).
      • Ingestion points: Reads commit messages and issue titles via git log and linear issue list.
      • Boundary markers: The process lacks explicit delimiters when processing these strings for the final report.
      • Capability inventory: Uses Bash and Write for file management and data retrieval.
      • Sanitization: No explicit sanitization of issue titles is performed before interpolation into templates.
      • Mitigation: The skill includes a mandatory interactive refinement step where the user reviews and adjusts the generated update before finalization, significantly mitigating the risk of accidental instruction obedience.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 08:16 AM