prioritize

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted content from external sources (Linear issue descriptions and local vision audit files) and interpolates this data into prompts for a subagent used in the classification fallback logic.
  • Ingestion points: Untrusted data enters the agent context via Linear issues fetched using mcp__linear-server__list_issues and markdown files loaded from the local filesystem.
  • Boundary markers: The prompt template in references/prompts/llm-fallback-bucket.md uses section headers but lacks robust delimiters (such as triple backticks or XML tags with explicit 'ignore instructions' warnings) to encapsulate user-supplied text.
  • Capability inventory: The skill possesses the ability to write files to the local codebase and modify data in Linear (updating issue descriptions and posting comments), which could be misused if the LLM follows instructions embedded within an issue description.
  • Sanitization: No evidence was found of validation or sanitization of the external content before it is processed by the LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 06:46 AM
Security Audit — agent-trust-hub — prioritize