linear
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill documentation explicitly instructs the agent to source credentials, including
LINEAR_API_KEY, from a local environment file at/experiments/skills/.env. This pattern encourages the agent to access sensitive filesystem paths containing secrets.\n- [PROMPT_INJECTION] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8) because it processes untrusted user input to perform write operations.\n - Ingestion points: Data from conversation context is directly interpolated into bash script arguments such as
--title,--description, and--body.\n - Boundary markers: Absent. There are no markers or system instructions to prevent the agent from obeying instructions embedded in the user-provided text.\n
- Capability inventory: The skill can execute local bash scripts and perform network operations via Linear's GraphQL API.\n
- Sanitization: Absent. There is no evidence of input validation or escaping before data is passed to the shell execution layer.\n- [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing a suite of bash scripts from a hardcoded local path (
/Users/braydon/projects/experiments/skills/linear/scripts/). Executing local scripts with arguments derived from external, untrusted sources poses a command injection risk if the underlying scripts do not implement robust quoting and sanitization.
Recommendations
- AI detected serious security threats
Audit Metadata