linear
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection. The skill retrieves data from external Linear issues which are attacker-controllable. If a Linear issue contains malicious instructions, the agent may attempt to execute them.
  - Ingestion points: Data enters via `mcp__linear-server__get_issue` and `mcp__linear-server__list_issues`.
  - Boundary markers: Absent. There are no instructions to the agent to ignore or delimit embedded instructions within issue content.
  - Capability inventory: The agent can modify Linear issues (`update_issue`), create comments (`create_comment`), and execute local shell commands (`bun run type-check`).
  - Sanitization: Absent. No sanitization or validation of the retrieved Linear content is performed before processing.
- [COMMAND_EXECUTION] (SAFE): The skill requires the execution of `bun run type-check`. This is a standard development command used for type safety and does not appear to involve untrusted or dynamic parameters that would lead to arbitrary command execution.
Audit Metadata