nielsen-heuristics

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the shell to execute linear and bd (Beads) CLI tools for task management. These commands are constructed using findings derived from user-provided artifacts.
  • [DATA_EXFILTRATION]: The skill exports findings to the external Linear service. This is a core functionality that transmits information derived from user-provided codebases or documents to a cloud platform. The risk is managed via a mandatory confirmation prompt before any data is sent.
  • [PROMPT_INJECTION]: The skill processes untrusted data from multiple sources (URLs, HTML, specification documents) and incorporates that content into generated task titles and descriptions. This creates an indirect prompt injection vulnerability surface where malicious content in an artifact could attempt to manipulate the agent's behavior or command arguments.
  • Ingestion points: Artifact inputs such as live URLs, codebase source files, and specification documents (SKILL.md Step 1).
  • Boundary markers: The prompt templates do not include specific delimiters or instructions to ignore embedded commands in the analyzed content.
  • Capability inventory: The skill has shell execution access for the Linear and Beads CLI tools and read access to the local file system.
  • Sanitization: There are no instructions for sanitizing or escaping content extracted from artifacts before it is used to build shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 07:54 AM
Security Audit — agent-trust-hub — nielsen-heuristics