linear-planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/mcp-setup.md require connecting to the official Linear MCP server (https://mcp.linear.app/mcp) and explicitly instruct the agent to use MCP tools to fetch and read user-generated Linear issues/teams/projects (e.g., "Fetch issue details (read the full brief)"), so third-party ticket content is ingested and can directly drive agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires and uses the official MCP server URL (https://mcp.linear.app/mcp) at runtime — configured via commands like claude mcp add / npx mcp-remote https://mcp.linear.app/mcp — which involves fetching/executing remote MCP tooling and using that external server as the agent control plane, so external content is executed/relied upon as a runtime dependency.