kill-the-standup
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard shell commands (
curlandgh) to interact with established developer platforms. It demonstrates defensive coding by writing JSON payloads to temporary files (/tmp/standup-payload.json) before transmission, ensuring that potentially malicious characters in commit messages or issue titles do not cause shell command injection. - [DATA_EXFILTRATION]: Work summaries are sent to a Slack webhook URL provided by the user in the environment configuration. This is the primary function of the skill and is performed only upon explicit user confirmation during the workflow.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources (Linear issue titles and GitHub commit messages), which constitutes an indirect prompt injection surface. However, the risk is mitigated by the skill's specific focus on formatting and the use of non-executable transmission methods.
- Ingestion points: Linear GraphQL API (
issues.edges.node.title,identifier) and GitHub Commits API (commit.message). - Boundary markers: None explicitly used during prompt interpolation.
- Capability inventory: Shell command execution (
curl,gh) and file system writes. - Sanitization: External data is processed as text, formatted into a JSON structure, and passed to
curlusing the@filesyntax to prevent interpretation by the shell.
Audit Metadata