The Agent Skills Directory

[Dynamic Execution] (MEDIUM): In scripts/linear.ts, the listIssues function constructs GraphQL queries using direct string interpolation for the state and assignee filters. This is a security anti-pattern that could allow an attacker (or malformed input) to manipulate the GraphQL query structure. Using parameters/variables is the recommended safe practice.
[Data Exposure & Exfiltration] (LOW): The skill makes network requests to https://api.linear.app, which is an external domain not on the pre-approved whitelist. While this is necessary for the skill's functionality, it involves transmitting a sensitive API key to an external service.
[Indirect Prompt Injection] (LOW): The skill processes untrusted data (issue titles, descriptions, and comments) from the Linear API and has the capability to write back to the API. This creates a surface for indirect prompt injection where malicious content in an issue could influence the agent's behavior.
Ingestion points: scripts/linear.ts via listIssues, getIssue, and searchIssues functions fetching external data.
Boundary markers: Absent; the script returns raw JSON data to the agent without any delimiters or warnings to ignore embedded instructions.
Capability inventory: The script can perform write operations, including updateIssue (priority/state) and addComment.
Sanitization: No sanitization or validation of the ingested data is performed before it is returned to the agent context.

linear