yistc-linear-issue

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external sources, specifically Linear issue descriptions and comments, via the get_issue and list_comments tools. This content is used to plan and implement code changes in Step 1 and Step 4. The instructions lack boundary markers or explicit directives to ignore instructions embedded within the issue data, creating a surface for indirect prompt injection attacks.
  • Ingestion points: Step 1 (Reading Linear issue description and comments) and Step 4 (Summarizing the issue).
  • Boundary markers: Absent. The skill does not use delimiters to separate issue content from agent instructions.
  • Capability inventory: The skill has the ability to write files (Step 5), execute shell commands for git operations (Step 3 and Step 7), and use the GitHub CLI to open pull requests (Step 7).
  • Sanitization: Absent. There is no validation or filtering of the content retrieved from Linear before it influences the implementation plan.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands to manage git worktrees, create branches, perform commits, and interact with the GitHub CLI (gh). While these are functional requirements for the stated workflow, they provide a powerful set of capabilities that could be misused if the agent is manipulated by malicious input from a Linear issue.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 03:10 AM