batch-linear-tickets

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface by ingesting untrusted data from Linear ticket identifiers, descriptions, and comments, as well as user-provided context. This data is interpolated into prompts for sub-agents (investigators and planners) without explicit sanitization or boundary markers.
  • Ingestion points: $ARGUMENTS, Linear ticket titles, descriptions, and comments are fetched via the Linear MCP and passed to sub-agents in SKILL.md (Phases 1 and 4).
  • Boundary markers: The skill uses basic template variables (e.g., {TICKET_ID}, {Title}) but lacks explicit instructions to sub-agents to ignore embedded commands within the ticket data.
  • Capability inventory: The skill can spawn autonomous sub-agents (linear-ticket-investigator, aw-planner, aw-executor), create GitHub Pull Requests via the gh CLI, and modify Linear tickets via the Linear MCP.
  • Sanitization: No explicit sanitization or validation of the content of ticket descriptions is performed before orchestration.
  • [COMMAND_EXECUTION]: The skill orchestration logic involves the use of system-level CLI tools (gh for PR management and gw for worktree management). These tools are invoked as part of the execution phase, though they are managed through established platform patterns and gated by user approval.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 09:36 AM