linear-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill package contains no executable code, scripts, or binary files, consisting solely of markdown instructions and metadata.
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructions require the user to configure a third-party MCP server at
https://rube.app/mcp. While this is an external dependency, it is a standard Model Context Protocol integration and does not involve direct script execution from the skill file itself. - [PROMPT_INJECTION] (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8) because it processes data from Linear issues. 1. Ingestion points:
LINEAR_GET_LINEAR_ISSUE,LINEAR_SEARCH_ISSUES. 2. Boundary markers: Absent from the provided instructions. 3. Capability inventory: The skill can update issues and execute GraphQL mutations viaLINEAR_RUN_QUERY_OR_MUTATION. 4. Sanitization: Not explicitly addressed in the workflow logic.
Audit Metadata