The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to retrieve sensitive credentials. This includes using the Doppler CLI (doppler secrets get LINEAR_API_KEY --plain) and an arbitrary command path retrieved from a local configuration file (password_manager_config.query_cmd from preferences.json). This pattern allows for the execution of arbitrary local commands based on the contents of configuration files.
[EXTERNAL_DOWNLOADS]: The skill uses curl and WebFetch to interact with an external API. It targets https://api.linear.app/graphql to fetch and update project data. Linear is a well-known service, and these operations are consistent with the skill's documented purpose.
[DATA_EXFILTRATION]: The skill is designed to access and handle a LINEAR_API_KEY. It searches for this key in environment variables and local secret managers, subsequently sending it in the Authorization header of network requests to the Linear API. While this is functional behavior, the handling of credentials across different tools and environment variables creates a potential data exposure surface.
[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data from Linear API responses and local STATE.md files. This data is used to inform agent actions and prompt for user input.
Ingestion points: Reads project STATE.md files and Linear GraphQL API issue/cycle nodes.
Boundary markers: None identified; untrusted data is processed directly to determine if new issues should be created or synced.
Capability inventory: The skill has access to Bash, WebFetch, and Linear management tools, allowing it to perform network operations and system commands based on ingested data.
Sanitization: There is no evidence of sanitization or validation of the data retrieved from external project files or API responses before it is used in logic flows.

ops-linear