linear-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves data from Linear issues (titles, descriptions, comments) which may contain malicious instructions that influence agent behavior. (1) Ingestion points: Data enters the context via tools like
LINEAR_SEARCH_ISSUES,LINEAR_GET_LINEAR_ISSUE, andLINEAR_LIST_LINEAR_ISSUES. (2) Boundary markers: The instructions lack delimiters or explicit directives to ignore instructions within the ingested data. (3) Capability inventory: The skill can perform various write operations and execute arbitrary GraphQL queries viaLINEAR_RUN_QUERY_OR_MUTATION. (4) Sanitization: No evidence of input validation or escaping of external content is provided. - [EXTERNAL_DOWNLOADS]: The skill requires the user to configure a third-party MCP server at
https://rube.app/mcp. This directs workspace interaction and authentication through external infrastructure (Composio/Rube) not included in the trusted vendors list.
Audit Metadata