linear
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill connects to official Linear infrastructure at https://mcp.linear.app/mcp. These are trusted endpoints for the intended service.
- [COMMAND_EXECUTION] (LOW): The skill instructions (SKILL.md) advise users on how to configure their environment, including a Windows/WSL specific command that uses npx -y mcp-remote. While this involves downloading and executing a package, it is directed at the user for setup purposes and points to official Linear SSE endpoints.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Data enters the agent context via list_issues, get_issue, search_documentation, and list_comments (SKILL.md).
  - Boundary markers: Absent; the instructions do not specify delimiters for external content.
  - Capability inventory: The skill can create_issue, update_issue, and create_comment, allowing for potential automated actions based on malicious input in Linear tickets.
  - Sanitization: None mentioned in the provided skill logic.
- [DATA_EXFILTRATION] (SAFE): No unauthorized data transmission patterns were detected. Communication is limited to the official Linear API and the local MCP configuration.
Audit Metadata