fix-linear-ticket

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Shell commands in Step 3 of SKILL.md are constructed using variables derived from user-supplied arguments and external ticket data. Evidence: git fetch origin <base-branch>, git checkout <base-branch>, and git reset --hard origin/<base-branch>. Risk: If the --base flag or ticket identifiers contain shell metacharacters, this could lead to arbitrary command execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from untrusted external data. Ingestion points: SKILL.md (Step 1) fetches ticket metadata via Linear MCP. Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are used when processing ticket data. Capability inventory: Shell command execution (Step 3) and file-write capabilities (Step 5). Sanitization: Absent; the plan and implementation are derived directly from the fetched ticket record. Risk: An attacker controlling a Linear ticket could influence the agent's behavior.
  • [SAFE]: The skill implements strict operational constraints in the Constraints section of SKILL.md, such as forbidding git push, git commit, and build commands, which limits the scope of potential exploitation.
  • [SAFE]: The skill incorporates a human-in-the-loop checkpoint in Step 4 of SKILL.md, requiring explicit user confirmation before implementing any changes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 17, 2026, 04:27 PM