linear-update
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill enables an agent to perform state-changing operations on an external system (Linear) based on data that often originates from untrusted external sources (e.g., user comments or commit logs).
- Ingestion points: The skill accepts issue IDs, status labels, assignee names, priority levels, and comment bodies as command arguments.
- Boundary markers: Absent. The command templates do not utilize delimiters or specific instructions to ensure the agent ignores instructions embedded within the data.
- Capability inventory: Uses the Bash tool to execute linear-cli commands, which have the capability to modify remote data (write access).
- Sanitization: None detected. There is no evidence of validation or escaping for the parameters passed to the CLI tool.
- Command Execution (LOW): The skill relies on the Bash tool to execute linear-cli. While this is the intended functionality, executing shell commands based on LLM output without strict schema validation or sandboxing represents an inherent security risk.
Recommendations
- AI detected serious security threats
Audit Metadata