Skills
skills/openhands/skills/linear/Gen Agent Trust Hub

linear

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl and jq to interact with the Linear API and process JSON responses in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: Fetches issue data from Linear's official API endpoint (api.linear.app).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from an external source.
  • Ingestion points: Fetches issue titles, descriptions, and comments from api.linear.app in SKILL.md.
  • Boundary markers: The instructions do not define specific delimiters or warnings to isolate external data from system instructions.
  • Capability inventory: The agent can perform mutations including issueUpdate, commentCreate, and issueCreate using curl in SKILL.md.
  • Sanitization: No mention of sanitizing or escaping the data retrieved from the API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 25, 2026, 01:32 PM