skills/lwlee2608/agent-skills/linear/Gen Agent Trust Hub

linear

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill recommends installing the linear CLI via a shell pipe (curl ... | bash) from a repository hosted by the author (lwlee2608). This method allows unverified remote code to execute on the user's system, and that code could be modified at the source without notice.
  • [COMMAND_EXECUTION]: The skill uses local shell commands (linear issue get, linear issue search) to perform tasks, providing the agent with the capability to execute tools on the host environment.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes issue descriptions and titles from the Linear platform.
      1. Ingestion points: Ticket data retrieved from Linear via CLI commands in SKILL.md.
      2. Boundary markers: Absent; no instructions are provided to the agent to treat external issue content as untrusted.
      3. Capability inventory: Execution of local CLI commands that could be influenced by malicious data.
      4. Sanitization: Absent; no evidence of validation or escaping for the processed issue content.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/lwlee2608/linear-cli/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 9, 2026, 02:51 AM