linear-watch
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Indirect Prompt Injection vulnerability surface detected.
- Ingestion points: The linear-cli watch command (SKILL.md) ingests untrusted data from external Linear issue descriptions and comments.
- Boundary markers: Absent. The skill does not provide delimiters or instructions to the agent to disregard instructions embedded within the issue data.
- Capability inventory: The skill utilizes the Bash tool (SKILL.md YAML), which provides a powerful execution environment if the agent is successfully manipulated.
- Sanitization: Absent. There is no logic shown to sanitize or validate the content retrieved from Linear before the agent processes it.
Audit Metadata