ship
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection through its interaction with external data sources.
- Ingestion points: Untrusted data enters the agent context in 'Step 2' (reading Linear ticket descriptions and comments) and 'Step 6' (fetching GitHub PR reviews and comments using
gh api). - Boundary markers: The instructions lack explicit boundary markers or delimiters to differentiate between the system's instructions and the content of tickets or reviews.
- Capability inventory: The skill has broad capabilities, including writing to the file system, executing git commands, managing PR stacks via Graphite, and performing merges via GitHub CLI.
- Sanitization: There is no evidence of sanitization or validation of the content ingested from Linear or GitHub before it is processed by the agent to determine its implementation plan or fixes.
Audit Metadata