second-opinion

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill defines procedural workflows for plan review and task classification without introducing malicious instructions or unauthorized data access. It utilizes standard, well-known local tools such as bun, gh, and Linear MCP within their intended functional scope.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it is designed to ingest and process data from external artifacts such as plans and PRDs.
  • Ingestion points: Reading of .plan.md files, PRD files in docs/prds/, and primary codebase sources.
  • Boundary markers: Absent; there are no specific instructions for using delimiters to isolate processed content.
  • Capability inventory: Shell command execution (bun run), project management CLI usage (gh), and issue tracking API access (Linear MCP).
  • Sanitization: No sanitization or validation logic for the ingested content is defined in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 05:20 PM
Security Audit — agent-trust-hub — second-opinion