linear-sdk-scripting

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes Node.js scripts (.mjs) to interact with the Linear SDK. Evidence: Canonical execution pattern in SKILL.md using node "$LINEAR_DIR/task.mjs".
  • [COMMAND_EXECUTION]: The skill sources multiple shell profile files (e.g., ~/.zshrc, ~/.bashrc, ~/.profile) to retrieve environment variables. This action executes all commands within these files in the agent's current shell context. Evidence: Shell profile sourcing loop in the 'Execution pattern' section of SKILL.md.
  • [DATA_EXFILTRATION]: The skill accesses and modifies sensitive shell configuration files to persist and retrieve the LINEAR_API_KEY. While intended for credential management, this involves reading from and writing to sensitive system paths. Evidence: Instructions in the 'Setup' section of SKILL.md.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the Linear API which could contain malicious instructions.
      1. Ingestion points: Issue titles, descriptions, and comments retrieved via SDK methods in references/recipes.md.
      2. Boundary markers: None identified.
      3. Capability inventory: Node.js code execution, filesystem writes, and shell command execution as documented in SKILL.md.
      4. Sanitization: No sanitization or filtering of external content is documented before processing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 13, 2026, 09:57 AM