skills/stablyai/orca/linear-tickets/Gen Agent Trust Hub

linear-tickets

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from an external source (Linear) and correctly identifies the potential for indirect prompt injection. It includes explicit defensive instructions to mitigate this risk.
      • Ingestion points: Data enters the agent context through Linear ticket lookups and searches (e.g., orca linear issue --current --full).
      • Boundary markers: The skill includes a dedicated 'Read First' section that mandates treating all returned Linear fields as untrusted source data and explicitly forbids the agent from following instructions found in ticket text, comments, or attachments.
      • Capability inventory: The skill can execute subprocesses via the orca CLI and read file content via the --body-file argument.
      • Sanitization: Uses instruction-based boundaries to ensure the agent uses ticket content only as reference material.
  • [COMMAND_EXECUTION]: The skill uses the orca and orca-ide CLI tools. These commands are scoped to project management tasks such as searching issues, updating status, and creating follow-up tickets. There is no evidence of arbitrary command execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 22, 2026, 10:45 PM
Security Audit — agent-trust-hub — linear-tickets