linear-project-status
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the bash tool with jq to process large JSON files containing project data. This is a standard procedure for handling datasets that exceed context window limits and is used safely here to aggregate issue statistics.
- [PROMPT_INJECTION]: The skill processes untrusted content from external sources, specifically the bodies of Linear status updates and project comments. This creates an indirect prompt injection surface where malicious instructions embedded in those fields could attempt to manipulate the audit's findings. This risk is mitigated by the skill's prescriptive and structured analysis framework, which provides the agent with specific heuristics and thresholds to follow.
- [DATA_EXFILTRATION]: The skill accesses project data, milestones, and discussion comments from the user's Linear workspace. This data is used solely to generate a report within the chat session and is not transmitted to any unauthorized external domains.
Audit Metadata