linear
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `curl` and `jq` to perform GraphQL queries and mutations against the official Linear API endpoint (https://api.linear.app/graphql). This is the intended functionality of the skill for project management tasks.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8):
  - Ingestion points: Operations such as `issueCreate` and `commentCreate` accept arbitrary strings for titles, descriptions, and bodies directly from user or agent input.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its own commands and potentially malicious instructions embedded in the external data being processed.
  - Capability inventory: The skill possesses the ability to execute network requests and shell commands via `curl`.
  - Sanitization: The skill lacks visible sanitization or validation of the input strings before they are interpolated into the GraphQL mutation commands.
Audit Metadata