linear-automation
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to add an external MCP server endpoint (
https://rube.app/mcp) to their configuration to enable the Linear automation tools. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of reading and processing untrusted data from an external platform.
- Ingestion points: Data is ingested from Linear via tools like
LINEAR_SEARCH_ISSUES,LINEAR_LIST_LINEAR_ISSUES, andLINEAR_GET_LINEAR_ISSUE(SKILL.md). - Boundary markers: Absent. The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded within Linear issue titles or descriptions.
- Capability inventory: The skill allows for high-impact write operations including
LINEAR_UPDATE_ISSUE,LINEAR_CREATE_LINEAR_COMMENT, and arbitrary GraphQL execution viaLINEAR_RUN_QUERY_OR_MUTATION(SKILL.md). - Sanitization: Absent. There is no evidence of sanitization or content validation for the data retrieved from Linear before it is processed by the agent.
Audit Metadata