linear-claude-skill
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides explicit security warnings to prevent the exposure of sensitive API keys in the model's context or terminal output. It promotes secure practices such as using environment variables and masking secret validation during setup.
- [EXTERNAL_DOWNLOADS]: Integration with the official Linear MCP server (via npx mcp-remote) and use of standard NPM packages like @linear/sdk are consistent with the skill's purpose and use well-known, trusted service endpoints.
- [COMMAND_EXECUTION]: The skill utilizes the linear CLI and local TypeScript scripts to automate project management tasks. All commands are directly related to the intended functionality of managing Linear entities.
- [PROMPT_INJECTION]: The skill handles data from an external source (Linear), which introduces a surface for indirect prompt injection.
  - Ingestion points: Issue titles and descriptions read via API and CLI.
  - Boundary markers: Absent in instructions.
  - Capability inventory: Command execution via linear CLI and npx scripts, and network access to Linear API.
  - Sanitization: No explicit sanitization or input validation logic is documented in the instructions.