linear-issue
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill uses the command
gh auth tokento retrieve a sensitive authentication token and includes it in an HTTP header for external requests. - [DATA_EXFILTRATION]: The instructions command the agent to send the GitHub token to URLs parsed from untrusted Linear comments and descriptions. This allows an attacker to capture the token by providing a malicious link.
- [COMMAND_EXECUTION]: The skill executes shell commands like
curlandghusing variables derived from external, untrusted content without verification. - [PROMPT_INJECTION]: The skill processes untrusted data from Linear issue descriptions, comments, and external transcripts. It lacks boundary markers or sanitization, creating an attack surface for indirect prompt injection where malicious instructions in the data could hijack the agent's logic. (Ingestion points: Linear description and comments in mcp__linear; Boundary markers: None; Capability inventory: curl, gh, mcp__linear, Read tool; Sanitization: None)
Recommendations
- AI detected serious security threats
Audit Metadata