linear-pm
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing external data (such as issue titles and descriptions) via the
WebFetchtool without defined sanitization or delimiters. -- Ingestion points: External data retrieved from Linear API endpoints. -- Boundary markers: No explicit markers or 'ignore' instructions are present to differentiate between data and instructions. -- Capability inventory: Access toBash,WebFetch, andReadtools. -- Sanitization: The logic does not currently include filtering or escaping of retrieved content. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool for local command execution; while this supports the intended automation, it represents a capability that could be targeted via manipulation. - [EXTERNAL_DOWNLOADS]: The skill documentation references official domains for Linear services, which are established and trusted platforms.
Audit Metadata