implementing-issues
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute various shell commands for version control (using git and jujutsu) and issue management (using gh and linear-cli). These are standard tools for developers and are used within the scope of the skill's stated purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests requirements directly from external issue tracking systems, which could contain malicious instructions designed to manipulate the agent's behavior during the implementation or pull request creation process.
- Ingestion points: External data is fetched using
gh issue viewandlinear-cli issueinSKILL.md. - Boundary markers: There are no explicit markers or instructions to isolate or treat the ingested issue body as untrusted content.
- Capability inventory: The agent can execute shell commands, modify the filesystem (TDD and implementation), and interact with remote repositories (
SKILL.md). - Sanitization: No sanitization or validation of the fetched issue content is performed before the agent processes it for requirements analysis.
Audit Metadata