linear
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using curl and jq to interact with the Linear API (https://api.linear.app/graphql). It also includes a check for the LINEAR_API_KEY environment variable using standard bash conditional logic.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes user-generated content retrieved from the Linear platform.
  - Ingestion points: The skill retrieves issue titles, descriptions, and comments from the Linear GraphQL API (SKILL.md).
  - Boundary markers: The skill does not provide explicit boundary markers or instructions to ignore instructions embedded in retrieved data within the example curl commands.
  - Capability inventory: The agent has the capability to perform network operations and modify data on Linear (e.g., updating states, adding comments).
  - Sanitization: No explicit sanitization of external content is performed before processing. However, this risk is assessed as safe in this context as it is inherent to the intended project management functionality and targets a well-known service endpoint.
Audit Metadata