linear-worktree

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls Linear MCP APIs (e.g., Linear:get_issue in Step 4 and Linear:list_issue_statuses/Linear:update_issue in Step 12) and uses user-generated issue fields (title/identifier) to construct branch/worktree names and to decide status updates, so it ingests untrusted third-party content that can materially influence git commands and subsequent actions.