Linear SDK Usage

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a documentation resource for using the official @linear/sdk. It provides code examples for client initialization, fetching data, mutations, and error handling that align with developer best practices.
  • [PROMPT_INJECTION]: Indirect prompt injection surface analysis:
  • Ingestion points: Data (issues, comments, nodes) is retrieved from the Linear API via the @linear/sdk as shown in the fetching and mutation examples in SKILL.md.
  • Boundary markers: No specific delimiters or "ignore instructions" warnings are provided in the boilerplate code.
  • Capability inventory: The skill's metadata configuration allows access to Bash, Read, Grep, and Glob tools.
  • Sanitization: No explicit sanitization or validation of the fetched API data is demonstrated in the snippets. This is noted as an inherent risk surface of external data integrations rather than a malicious design.
  • [EXTERNAL_DOWNLOADS]: The skill references the official Linear SDK and associated developer documentation. These are well-known resources from a reputable service and do not pose a security risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 12:25 AM
Security Audit — agent-trust-hub — Linear SDK Usage