linear-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass safety filters or override system prompts.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file path access detected. Data handling is limited to project management operations on the Linear platform.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs identified.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill requires the 'rube' MCP server (https://rube.app/mcp). While this is an external source, it is the designated configuration for the skill and does not involve piped script execution or unauthorized downloads.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (Linear issues, comments, and descriptions) and possesses write capabilities (creating/updating issues). This creates an attack surface for indirect prompt injection, though it is standard for this type of integration.
  - Ingestion points: LINEAR_GET_LINEAR_ISSUE, LINEAR_SEARCH_ISSUES, LINEAR_LIST_LINEAR_ISSUES
  - Boundary markers: None specified
  - Capability inventory: LINEAR_CREATE_LINEAR_ISSUE, LINEAR_UPDATE_ISSUE, LINEAR_RUN_QUERY_OR_MUTATION
  - Sanitization: None specified
- [Dynamic Execution] (SAFE): The tool LINEAR_RUN_QUERY_OR_MUTATION allows for custom GraphQL queries. This is a standard API feature for Linear and does not involve execution of arbitrary system code or unsafe deserialization.