linear

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it processes data from Linear issues (such as titles and descriptions) that could be controlled by external users.
      • Ingestion points: Data is ingested from the https://api.linear.app/graphql endpoint, specifically from issue objects.
      • Boundary markers: There are no explicit instructions or delimiters provided in the examples to prevent the agent from obeying commands embedded within the retrieved issue content.
      • Capability inventory: The skill has the capability to perform network requests via curl and interact with local Git repository states.
      • Sanitization: No sanitization or escaping of the retrieved API data is performed beyond basic validation of title length.
  • [COMMAND_EXECUTION]: The skill uses shell commands and pipe chains to automate API interactions.
      • Examples include using curl with xargs to process Git commit logs and update Linear issues dynamically.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 05:44 PM