linear-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes linear-cli via the Bash tool to perform webhook management tasks such as creation, deletion, and secret rotation.
- [PROMPT_INJECTION]: The skill provides the ability to listen for incoming webhook events, which creates a surface for indirect prompt injection. This is a functional requirement for the skill's purpose. * Ingestion points: The linear-cli wh listen command (SKILL.md) enables the ingestion of external event data. * Boundary markers: No delimiters or instructions are present to differentiate untrusted webhook payloads. * Capability inventory: The skill is restricted to linear-cli operations within the Bash environment. * Sanitization: The skill does not perform sanitization on incoming webhook data before processing.
Audit Metadata