use-linear-cli

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it ingests untrusted data from the Linear API (issue titles, descriptions, and comments) and is able to perform mutations.
      • Ingestion points: Commands such as linear-cli i get, linear-cli i list, and linear-cli cm list pull data from external Linear issues into the agent's context.
      • Boundary markers: The instructions require the agent to state whether each command is read-only or mutating, and mandate the use of --dry-run for bulk operations.
      • Capability inventory: The skill allows the agent to create and update issues, projects, and webhooks using linear-cli i create, linear-cli i update, and linear-cli wh create.
      • Sanitization: The skill includes explicit warnings against GraphQL injection and instructs the agent to use GraphQL variables (-v) rather than string interpolation.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands to interact with the Linear CLI, jq, and the GitHub gh CLI. It uses subshell expansion and piping to manage data flows.
  • [EXTERNAL_DOWNLOADS]: The skill mentions external installation and update paths including linear-cli update and cargo install linear-cli. These are standard package management and update operations for the tool described in the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:49 PM