linear
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Interacts with the official Linear API at api.linear.app to retrieve and manage work items.
- [COMMAND_EXECUTION]: Uses standard shell utilities curl and jq to perform and parse GraphQL requests.
- [DATA_EXFILTRATION]: Communicates data to Linear's official services, which is the intended functionality of the skill.
- [PROMPT_INJECTION]: Features an indirect prompt injection surface by processing external data from issue descriptions and comments.
- Ingestion points: issue, viewer, and issues GraphQL query results in SKILL.md
- Boundary markers: Absent
- Capability inventory: Shell command execution through curl and jq
- Sanitization: Absent
Audit Metadata