linear
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [External Downloads] (SAFE): The skill references the official Linear MCP server URL (
https://mcp.linear.app/mcp). This is the primary and intended communication channel for the skill and originates from a trusted service provider (Linear). - [Indirect Prompt Injection] (LOW): The skill processes data from Linear (issues, comments, and documents) which can contain untrusted content. A malicious user or external collaborator could embed instructions in a ticket to influence the agent's actions during triage or updates.
- Ingestion points:
list_issues,get_issue,get_document, andlist_commentsas defined in the available tools inSKILL.md. - Boundary markers: No specific delimiters or instructions to ignore embedded content were found in the prompt templates.
- Capability inventory: The skill has write capabilities including
create_issue,update_issue, andcreate_comment. - Sanitization: No explicit sanitization or validation of the retrieved ticket data is performed before processing.
Audit Metadata