linear-issue-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection via the Linear API.
  1. Ingestion points: Linear issue titles, descriptions, and acceptance criteria are fetched and processed by the agent (SKILL.md Phase 1).
  2. Boundary markers: None are defined in the prompts to the subagents to distinguish between issue data and agent instructions.
  3. Capability inventory: The skill has the ability to execute Git/GitHub CLI commands, modify the filesystem via worktrees, and run arbitrary shell commands for dependency installation and testing.
  4. Sanitization: No sanitization or instruction-filtering is performed on the data retrieved from Linear.
- COMMAND_EXECUTION (LOW): The skill uses multiple shell commands (git, gh, sed) and explicitly directs the agent to 'install local dependencies' by following instructions found in the repository's documentation. This can lead to the execution of malicious commands if the repository or the Linear issue content is compromised.