linear
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection due to its interaction with external data sources.
  - Ingestion points: The skill reads external data via `linear issue list`, `linear issue view`, and `git log`.
  - Boundary markers: There are no delimiters or instructions provided to the agent to ignore potentially malicious content embedded in issue descriptions or commit messages.
  - Capability inventory: The skill allows the agent to execute state changes (`linear issue update`) and create pull requests (`linear issue pr`).
  - Sanitization: No evidence of sanitization or validation of the retrieved external content before it is processed by the agent.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or access to sensitive local files (like SSH keys) were detected. The environment variable `LINEAR_ISSUE_SORT` is used for non-sensitive configuration.
- [Unverifiable Dependencies] (SAFE): References the `linear` CLI tool via Homebrew, which is a standard and trusted package manager for macOS developer environments.
- [Command Execution] (SAFE): The commands used (`linear`, `git`) are standard development tools and are used according to their intended primary purpose within the context of issue tracking.
Audit Metadata