linear
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the '@membranehq/cli' package from NPM. This is a trusted vendor resource provided by 'membrane' (membranedev) to facilitate the integration.\n- [COMMAND_EXECUTION]: The skill utilizes the 'membrane' command-line interface to perform actions such as creating issues, managing projects, and running API requests. These commands are used as intended for the skill's primary functionality.\n- [PROMPT_INJECTION]: The skill ingests data from external Linear sources, such as issue comments and descriptions, creating a surface for potential indirect prompt injection. This is a standard requirement for the intended ticketing use-case.\n
- Ingestion points: 'list-comments', 'list-issues', and 'search-issues' actions (SKILL.md)\n
- Boundary markers: None specified in the instructions\n
- Capability inventory: 'membrane action run' and 'membrane request' for API interaction (SKILL.md)\n
- Sanitization: Not explicitly mentioned in the skill documentation.
Audit Metadata