linear-sync
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection through the ingestion of external data from the Linear API.
- Ingestion points: The skill fetches Linear issue titles, descriptions, and comments using GraphQL queries as described in
references/guide.md. - Boundary markers: The instructions do not define specific delimiters or instructions to ignore potential commands embedded within the ingested issue content.
- Capability inventory: The skill can write specification files to the local file system and perform update operations on the Linear API (mutations for state changes and comments).
- Sanitization: Basic filtering is applied to comments based on keywords (e.g., 'decision', 'approved'), but the skill lacks comprehensive validation of all input text before it is processed or written to files.
- [CREDENTIALS_UNSAFE]: The skill documentation provides guidance on managing Linear API keys. It correctly recommends using environment variables (
LINEAR_API_KEY) and explicitly warns users against committing raw credentials to version control, which aligns with secure development practices. - [EXTERNAL_DOWNLOADS]: The skill references the Linear API endpoint (
api.linear.app). This is a well-known service, and the network interactions are necessary for the skill's stated functionality of syncing project management data.
Audit Metadata