linear-status-check
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection risk. The skill ingests untrusted content from Linear issue titles and descriptions as well as GitHub commit/PR data in steps 3 and 4. This data is then used to construct prompts for Claude Code in step 5. Without sanitization or explicit boundary markers, an attacker controlling a Linear issue could inject malicious instructions that would be executed by the downstream coding agent.
- [COMMAND_EXECUTION] (HIGH): Potential shell command injection. In step 3, the skill extracts keywords from Linear issues and interpolates them into a shell command:
python3 ... analyze_repo.py ... "keyword". If an issue title contains shell metacharacters like backticks or semicolons, it could lead to arbitrary command execution on the host system. - [EXTERNAL_DOWNLOADS] (LOW): The skill performs repository cloning via
gh repo clone. While this is core to its functionality, it involves downloading external content from potentially untrusted user-specified repositories.
Recommendations
- AI detected serious security threats
Audit Metadata