linear-tickets
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from an external source (Linear) and correctly identifies the potential for indirect prompt injection. It includes explicit defensive instructions to mitigate this risk.
  - Ingestion points: Data enters the agent context through Linear ticket lookups and searches (e.g., `orca linear issue --current --full`).
  - Boundary markers: The skill includes a dedicated 'Read First' section that mandates treating all returned Linear fields as untrusted source data and explicitly forbids the agent from following instructions found in ticket text, comments, or attachments.
  - Capability inventory: The skill can execute subprocesses via the `orca` CLI and read file content via the `--body-file` argument.
  - Sanitization: Uses instruction-based boundaries to ensure the agent uses ticket content only as reference material.
- [COMMAND_EXECUTION]: The skill uses the `orca` and `orca-ide` CLI tools. These commands are scoped to project management tasks such as searching issues, updating status, and creating follow-up tickets. There is no evidence of arbitrary command execution.
Audit Metadata