linear-cli
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the installation of the Linear CLI via an untrusted Homebrew tap: brew install schpet/tap/linear. This source is not verified or listed as a trusted organization/repository, posing a supply chain risk.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data enters the agent context through linear issue list and linear issue view (which fetch issue titles and descriptions from Linear).
  - Boundary markers: No delimiters or safety instructions are used to separate external content from agent instructions.
  - Capability inventory: The skill can execute commands with side effects, including linear issue start (branch creation) and linear issue pr (creating GitHub PRs via the gh CLI).
  - Sanitization: No evidence of sanitization or validation of the retrieved issue content before it is used to populate PR descriptions or branch names.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill guides the user to store a sensitive LINEAR_API_KEY in plain text within configuration files (.linear.toml) or environment variables, which may lead to accidental exposure or credential theft if the environment is compromised.
- [COMMAND_EXECUTION] (LOW): The skill relies on executing various shell commands. While this is the intended purpose of a CLI wrapper, it increases the attack surface for the aforementioned injection vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata