linear
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use
curlandjqfor executing GraphQL queries and mutations against the Linear API. This is the intended primary function of the skill. - [EXTERNAL_DOWNLOADS]: The skill performs network operations targeting
https://api.linear.app/graphql. This is the official API endpoint for Linear, a well-known project management service. - [CREDENTIALS_UNSAFE]: Authentication is handled via an environment variable (
$LINEAR_TOKEN). No hardcoded credentials or secrets were detected in the instructions. - [PROMPT_INJECTION]: While the skill interpolates user-provided content (like issue titles and descriptions) into JSON payloads, it explicitly includes guidelines advising the use of GraphQL variables to mitigate potential injection risks.
Audit Metadata