second-opinion
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines procedural workflows for plan review and task classification without introducing malicious instructions or unauthorized data access. It utilizes standard, well-known local tools such as bun, gh, and Linear MCP within their intended functional scope.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it is designed to ingest and process data from external artifacts such as plans and PRDs.
- Ingestion points: Reading of
.plan.mdfiles, PRD files indocs/prds/, and primary codebase sources. - Boundary markers: Absent; there are no specific instructions for using delimiters to isolate processed content.
- Capability inventory: Shell command execution (
bun run), project management CLI usage (gh), and issue tracking API access (Linear MCP). - Sanitization: No sanitization or validation logic for the ingested content is defined in the instructions.
Audit Metadata