linear
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill specifies running `bun run type-check` during the issue completion workflow. This is a standard development command for static analysis and is considered safe within the context of a software engineering skill.
- [SAFE]: Indirect Prompt Injection Surface Analysis:
  - Ingestion points: Untrusted data enters the agent context through `mcp__linear-server__get_issue`, `mcp__linear-server__extract_images`, and `mcp__linear-server__list_issues` as defined in the workflow sections of `SKILL.md`.
  - Boundary markers: The instructions do not define explicit delimiters or instructions to ignore embedded commands within issue content.
  - Capability inventory: The skill utilizes issue modification tools (`mcp__linear-server__update_issue`, `mcp__linear-server__create_issue`) and local command execution via `bun`.
  - Sanitization: No specific sanitization or validation of external issue content is described in the workflow.
  - Conclusion: While the skill processes external data from an issue tracker, its operations are restricted to standard issue management and local development checks, which is typical for this category of developer tool.
Audit Metadata