linear
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external data.
- Ingestion points: The `read-issue.py` script fetches comments and attachments from Linear issues, which are then presented to the agent.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the fetched content.
- Capability inventory: The skill possesses several sensitive capabilities, including file uploads via `upload-file.py`, issue state transitions via `move-issue.py`, and linking external URLs/PRs via `attach-pr.py` and `attach-url.py`.
- Sanitization: No sanitization or filtering is performed on the content retrieved from Linear, allowing potentially malicious instructions in comments to influence agent behavior.
- [DATA_EXFILTRATION]: The `upload-file.py` utility can be used to upload any local file the agent has access to. The script explicitly sets the `makePublic` flag to `True` when requesting an upload URL from Linear, meaning any file uploaded will be accessible via a public URL provided by the service. This could lead to accidental or malicious exposure of sensitive data if the agent is manipulated into uploading protected files.
Audit Metadata