skills/stablyai/orca/orca-linear/Gen Agent Trust Hub

orca-linear

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill proactively identifies and mitigates the risk of indirect prompt injection from external ticket data.\n
  • Ingestion points: Issue data and comments are retrieved from Linear via the orca linear issue and orca linear search commands in SKILL.md.\n
  • Boundary markers: The skill includes explicit instructions for the agent to treat all Linear fields as untrusted source data.\n
  • Capability inventory: The skill can execute orca commands to create issues, add comments, attach URLs, and update ticket statuses.\n
  • Sanitization: The agent is strictly commanded to ignore any instructions or commands that may be embedded within ticket text, comments, or attachments.\n- [COMMAND_EXECUTION]: The skill utilizes the orca and orca-ide CLI tools to perform operations on the Linear platform. These commands are used solely for their intended functional purpose of issue tracking and task management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 10:45 PM
Security Audit — agent-trust-hub — orca-linear