linear-cli
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from the Linear platform that could contain malicious instructions.
  - Ingestion points: Untrusted data enters the agent context through commands like `linear issue view`, `linear issue list`, `linear issue comment list`, and `linear project view` which fetch titles, descriptions, and comments from the Linear API.
  - Boundary markers: The skill does not provide instructions or delimiters to isolate fetched content or warn the agent to ignore embedded instructions.
  - Capability inventory: The agent has the capability to execute shell commands (`linear`), modify the local environment (`export LINEAR_API_KEY`), and perform destructive actions like `linear issue delete`.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from Linear before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install the Linear CLI from external sources managed by the author.
  - It installs the `@injectivelabs/linear-cli` package via NPM or fetches binaries directly from `github.com/InjectiveLabs/linear-cli/releases`.
- [COMMAND_EXECUTION]: The skill relies on the execution of shell commands to interact with the Linear service and manage local configuration.
  - Commands include `linear auth login`, `linear config` for generating configuration files, and various issue management commands like `linear issue start` and `linear issue update`.
Audit Metadata