linear-project-update
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill enforces a strict human-in-the-loop requirement, explicitly stating that it must never post updates or change project dates without a fresh confirmation from the user in the current turn.
- [SAFE]: Linear project identifiers (URLs, slugs, or UUIDs) are passed directly to official MCP tools rather than being parsed locally, which prevents common URL parsing and injection vulnerabilities.
- [SAFE]: The skill implements a read-only audit phase using a separate trusted skill (linear-project-status) to verify project health before drafting, ensuring that updates are based on verified platform data.
- [SAFE]: While the skill ingests previous status updates to match the user's tone (representing a minor surface for indirect prompt injection), this risk is mitigated by the draft-and-review workflow, which ensures the user validates the content before it is committed back to Linear.
Audit Metadata