linear-branch
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs multiple local shell operations using the git CLI to manage repository state, including `git status`, `git fetch`, `git pull`, and `git checkout`. These commands are integral to the skill's primary function.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where data from an external source (Linear issue titles) is used to construct shell commands.
  - Ingestion points: Issue titles are retrieved from the Linear platform through the `Linear:get_issue` tool call.
  - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded content within the fetched titles.
  - Capability inventory: The agent has the ability to execute git commands on the local system.
  - Sanitization: Step 5 of the workflow defines a mandatory slugification process that converts titles to lowercase and replaces all special characters with hyphens. This serves as a security control to prevent command injection when the title is interpolated into the `git checkout -b` command.
Audit Metadata