linear-uploads
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill creates a surface for indirect prompt injection (Category 8). It downloads external data from Linear URLs and instructs the agent to use the Read tool on it without sanitization or boundary markers.
- Ingestion points: linear-cli up fetch downloads files from attacker-controllable Linear URLs.
- Boundary markers: None.
- Capability inventory: Bash execution and Read tool.
- Sanitization: None.
- [External Downloads] (SAFE): Downloads are performed via linear-cli from the uploads.linear.app domain, which is a trusted source for Linear data.
- [Command Execution] (SAFE): The skill uses the Bash tool to execute linear-cli, which is necessary for its core functionality.
Audit Metadata