linear
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests potentially attacker-controlled content from Linear issue titles, descriptions, and comments. • Ingestion points: Data returned from GraphQL queries in SKILL.md. • Boundary markers: Absent in instructions. • Capability inventory: Network access via curl and file writing to /tmp. • Sanitization: Absent.
- [Data Exposure & Exfiltration] (LOW): The skill communicates with api.linear.app, which is not on the predefined domain whitelist.
- [Command Execution] (LOW): Utilizes bash -c to execute shell commands; this is used for environment variable interpolation within static templates and represents a low-risk pattern.
Audit Metadata