linear-roadmaps
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection via the processing of external roadmap data. * Ingestion points: Output from 'linear-cli rm list' and 'linear-cli rm get'. * Boundary markers: None are provided to separate data from instructions. * Capability inventory: The skill is granted access to the 'Bash' tool, enabling arbitrary command execution. * Sanitization: None present. An attacker with access to the Linear workspace could embed instructions in a roadmap title or description that the agent might execute as shell commands.
- Command Execution (MEDIUM): The explicit requirement for the 'Bash' tool creates a significant risk if the agent is manipulated by untrusted data retrieved during tool execution.
- External Dependencies (LOW): The skill relies on 'linear-cli', an external tool whose source and integrity are not verified within the skill definition.
Recommendations
- AI detected serious security threats
Audit Metadata