Linear Feedback Triage

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Linear feedback-triage helper with scoped read and write guidance, not hidden or deceptive behavior.

Install this only if you want an agent to help with your Linear FB/Tide feedback workflow. Review proposed Linear changes before allowing writes, especially status, label, and comment updates, and ensure the configured MCP credentials are appropriate for the team data the agent may read.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill can activate on broad, common requests about feedback, duplicates, or complaints, then proceed toward querying and potentially mutating Linear data. In an agent setting, vague activation criteria increase the chance the skill is invoked without sufficient user intent confirmation, which can lead to unnecessary access to issue data or accidental workflow changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal