linear
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill reads external content (issues, comments) and can perform write actions, creating a high-risk surface for indirect instructions to control the agent. Ingestion points:
get_issue,list_issues,get_document,list_comments,search_documentation(SKILL.md). Boundary markers: Absent. The agent is not instructed to isolate retrieved content from its own logic. Capability inventory:create_issue,update_issue,create_project,update_project,create_comment,create_issue_label(SKILL.md). Sanitization: Absent. - Remote Code Execution (MEDIUM): The skill provides instructions for Windows/WSL users to run
npx -y mcp-remotewith an external SSE URL (https://mcp.linear.app/sse), which downloads and executes external code at runtime. - External Downloads (MEDIUM): The setup instructions involve adding a remote MCP via URL (
https://mcp.linear.app/mcp), which is not in the trusted source list. - Command Execution (LOW): The skill requires the user to execute multiple CLI commands (
codex mcp add,codex mcp login) and modify local configuration files (config.toml), posing a risk of system misconfiguration.
Recommendations
- AI detected serious security threats
Audit Metadata