linearb
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
@membranehq/clipackage globally via npm. This package is the official command-line tool for the Membrane platform, which is the skill's authoring environment. - [COMMAND_EXECUTION]: The integration logic relies on executing shell commands using the
membraneCLI, includinglogin,connect,action run, andrequestto manage the interaction with the LinearB API. - [DATA_EXFILTRATION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from LinearB.
- Ingestion points: Data is retrieved from the LinearB API via
membrane action runandmembrane requestas described in SKILL.md. - Boundary markers: There are no specific delimiters or instructions provided to the agent to distinguish between its own logic and potentially malicious instructions embedded in the retrieved data.
- Capability inventory: The skill allows for network writes to the LinearB API (e.g.,
create-incident,delete-user,update-team) via themembrane action runandmembrane requestcommands. - Sanitization: No sanitization or validation of the external API content is specified before the data is processed by the agent.
Audit Metadata