linear-claude-skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and command templates for executing the Linear CLI and local TypeScript scripts (e.g., linear-ops.ts, query.ts) to automate project management tasks.
- [EXTERNAL_DOWNLOADS]: The skill connects to the official Linear MCP server via npx mcp-remote at the well-known and trusted domain mcp.linear.app.
- [PROMPT_INJECTION]: The skill processes external data from Linear issues and projects, which presents a surface for indirect prompt injection. 1. Ingestion points: Linear API outputs and CLI query results. 2. Boundary markers: No explicit boundary markers or ignore-instructions are defined in the command templates. 3. Capability inventory: The skill has the ability to execute shell commands and TypeScript scripts. 4. Sanitization: No explicit sanitization of issue content is mentioned.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill includes proactive documentation on securing API keys using Varlock and preventing credential exposure in logs.
Audit Metadata