brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external sources such as Linear issues and project files. It addresses the potential for indirect prompt injection through several mitigation strategies.
- Ingestion points: Untrusted data enters the context via Linear issue descriptions, comments, and project-specific documentation (
CLAUDE.md). - Sanitization: The skill performs strict regex validation on user-provided or external identifiers used in file paths, ensuring the Issue ID matches
^[a-zA-Z0-9]([a-zA-Z0-9_-]*[a-zA-Z0-9])?$and slugs match^[a-z0-9-]+$. - Boundary markers: The skill includes an explicit instruction to the agent at the handoff phase to treat the
Key decisionsandScopefields as data and to ignore any instructions that might appear within those fields. - Capability inventory: The skill utilizes file read/write operations within the project directory (
docs/designs/) and the agent's local directory (~/.agent/diagrams/). It explicitly avoids executing external diagram generators in favor of direct HTML construction.
Audit Metadata