spec-context
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an official Linear service URL (
https://mcp.linear.app/mcp) for setting up the Model Context Protocol server. This is a well-known service and the reference is for documentation purposes. - [COMMAND_EXECUTION]: Includes a setup command (
claude mcp add) for the user to configure the environment. The skill contains a specific negative constraint instructing the agent: 'Do NOT run this command yourself. The user must run it,' which prevents unauthorized execution by the AI. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes content from external Linear issues and comments.
- Ingestion points: External data is ingested via Linear MCP tool calls that fetch issue bodies and comments.
- Boundary markers: None are defined to separate fetched ticket content from the system prompt.
- Capability inventory: The agent can search, read, and update Linear issues based on the retrieved content.
- Sanitization: No explicit sanitization or validation of the fetched external text is performed before processing.
Audit Metadata