blueprint-scratchpad
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external sources such as Linear ticket comments and Slack messages, which constitutes an indirect prompt injection surface where third-party content could influence agent behavior.
- Ingestion points: Retrieves project data and comments from Linear, Notion, Figma, and Slack as defined in SKILL.md and grill-topics.md.
- Boundary markers: The skill does not implement delimiters or specific instructions to treat external data as non-executable text.
- Capability inventory: The agent uses MCP tools to read from project management APIs and has the capability to write to local or remote storage with user approval.
- Sanitization: No sanitization or filtering logic is described for the text content gathered from external links.
Audit Metadata