pp-linear

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the linear-pp-cli tool using npx -y @mvanhorn/printing-press and go install github.com/mvanhorn/printing-press-library/.... Both sources are under the author's namespace and are required for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill requires the use of the Read Bash tool to execute various subcommands of the linear-pp-cli binary. This is the intended behavior for interacting with the Linear API and local store.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. 1. Ingestion points: issue data retrieved from Linear GraphQL API (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: execution of CLI via Read Bash tool and issue creation/update mutations. 4. Sanitization: use of --agent flag for structured JSON output helps minimize accidental interpretation of content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 06:21 AM
Security Audit — agent-trust-hub — pp-linear