skills/finesssee/linear-cli/linear-pr/Gen Agent Trust Hub

linear-pr

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to process external content from Linear issues to automate development workflows.
      • Ingestion points: Issue titles and descriptions are retrieved via linear-cli context and used in linear-cli g pr to generate PR metadata.
      • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions embedded within the Linear issue content.
      • Capability inventory: The skill uses the Bash tool to execute git, gh, and linear-cli, providing a direct path from processed data to system commands and repository modification.
      • Sanitization: No sanitization or escaping of the issue content is mentioned, which could allow a malicious user to manipulate the agent's behavior via issue metadata.
  • Command Execution (LOW): The skill relies on the Bash tool for all operations. While the documented commands are standard development tools, the use of a general-purpose shell provides a broad capability set that should be monitored, especially when handling dynamic input.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 03:51 AM