prd
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through untrusted external data sources.
- Ingestion points: Processes content from Linear tickets (titles, descriptions, acceptance criteria) and the local codebase (via Read and Grep).
- Boundary markers: Lacks explicit delimiters or instructions to prevent the agent from obeying instructions embedded within the fetched ticket data.
- Capability inventory: Possesses tools including Bash for command execution and mcp__Linear__* for modifying external ticket data, which provides a significant attack surface if an injection occurs.
- Sanitization: No evidence of sanitization, filtering, or validation of the external input data before it is processed by the agent.
Audit Metadata