linear-drafter
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external requirements and discussion transcripts to draft Linear tickets, which presents a surface for indirect prompt injection.
  1. Ingestion points: User-provided requirements, story descriptions, and discussion content (SKILL.md).
  2. Boundary markers: The skill lacks specific delimiters or 'ignore' instructions to prevent the agent from obeying instructions embedded within the user-provided data during the drafting phase.
  3. Capability inventory: The skill utilizes the 'linear_save_issue' tool to write content to the Linear platform.
  4. Sanitization: The workflow includes a 'Review & Refine' step and requires explicit user confirmation before the tool is called, providing a manual oversight mechanism.
- [NO_CODE]: The skill does not contain any executable scripts, binaries, or configuration files that could be used for remote code execution or system modification, consisting solely of markdown-based instructions.