enhance-linear-issues
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands (`git --version`, `git remote get-url origin`) to gather environment context and construct repository URLs for documentation links.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted text from Linear issues and comments.
- Ingestion points: The skill reads data via `Linear:get_issue` and `Linear:list_comments` as defined in the Phase 1 discovery steps.
- Boundary markers: There are no explicit markers or instructions used to delimit untrusted content or warn the agent to ignore embedded instructions within issue descriptions.
- Capability inventory: The skill can update issues, create issues, and execute shell commands.
- Sanitization: The 'Safety Review' in Step 7 performs structural checks (e.g., description shrinkage) but lacks content-based sanitization or filtering of the input data before it is processed by the model.
- [PROMPT_INJECTION]: The 'Auto' mode enables the agent to apply changes to the Linear workspace without human-in-the-loop approval for each issue. This automated state modification, when combined with the processing of untrusted issue content, creates a risk of unauthorized or malicious changes if a prompt injection is successful.
Audit Metadata