linear-security-basics

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill promotes secure development practices by explicitly advising against hardcoded credentials and demonstrating the use of environment variables and .gitignore to protect sensitive information.
  • [EXTERNAL_DOWNLOADS]: The code examples reference legitimate, well-known libraries such as express and the official @linear/sdk. Network interactions are limited to the official Linear API endpoints (api.linear.app) for standard OAuth and webhook operations.
  • [PROMPT_INJECTION]: The skill demonstrates how to safely handle external data from webhooks and OAuth redirects, including the implementation of security controls to mitigate indirect injection risks.
    • Ingestion points: Webhook payloads, environment variables, and OAuth state/code parameters within SKILL.md.
    • Boundary markers: The skill is instructional and focuses on providing secure code structures for developers to use in their own applications.
    • Capability inventory: Performs network requests to official endpoints and uses cryptographic functions for security verification.
    • Sanitization: Provides implementations for HMAC-SHA256 signature verification for webhooks and state parameter validation for OAuth CSRF protection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 11:28 PM