decompose
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The workflow involves an indirect prompt injection attack surface.
  - Ingestion points: The skill reads parent issues, project details, and team comments from the Linear platform using mcp__linear-server tools.
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the ingested data to prevent the agent from following instructions hidden within Linear issue descriptions or comments.
  - Capability inventory: The agent has the ability to write files to the local repository (plans/PLAN_IOS_XXXX.md), execute git commands (git branch, git commit), and create/modify Linear issues.
  - Sanitization: The instructions do not specify any validation or sanitization of the content fetched from the external project management tools before incorporating it into the final output or executing further commands.
Audit Metadata