skills/aspiers/ai-config/linear-ready/Gen Agent Trust Hub

linear-ready

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/linear-ready executes linear and jq commands. Input parameters are safely passed to jq using the --arg flag, preventing command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The documentation identifies @schpet/linear-cli and jq as prerequisites. These are external dependencies that the user is expected to install manually from well-known package registries.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill retrieves issue data from the Linear platform. Since this data is external and potentially attacker-controlled, it represents a surface for indirect prompt injection if the agent follows instructions found within issue titles or descriptions.
      • Ingestion points: Data is fetched from the Linear API via the linear api command in scripts/linear-ready.
      • Boundary markers: The output does not use specific delimiters to separate issue content from system instructions.
      • Capability inventory: The skill facilitates issue updates and status changes using the linear CLI.
      • Sanitization: The script uses jq to ensure valid JSON processing, but it does not perform natural language sanitization of the issue content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 09:15 PM