linear-graphql-skill

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill connects to the official Linear API (api.linear.app). Interactions with this well-known service are documented neutrally and do not escalate the security verdict.
  • [SAFE]: Documentation provides secure alternatives for authentication, such as using environment variables or secret management tools, avoiding the risk of hardcoded credentials.
  • [COMMAND_EXECUTION]: The skill executes the uxc CLI tool to perform GraphQL queries and mutations. The commands are purpose-built for Linear integration and do not involve arbitrary shell execution.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from Linear issues and comments (SKILL.md). Boundary markers include the use of JSON output envelopes. Capabilities include creating and updating issues via GraphQL mutations. Risk is mitigated by requiring explicit user confirmation for all write operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 12:23 PM