The Agent Skills Directory

[COMMAND_EXECUTION]: The skill constructs shell commands using variables derived from local files and git metadata without thorough sanitization.
Evidence: In SKILL.md, the $PROJECT_FLAG variable is populated from .linear-project and executed within linear issue list.
Evidence: Branch names are used to derive $ISSUE_ID, which is then interpolated into linear issue update.
Risk: Maliciously crafted branch names or project files containing shell metacharacters could lead to unintended command execution.
[DATA_EXFILTRATION]: The skill is designed to send local repository data and implementation summaries to external services.
Evidence: Implementation summaries and commit hashes are sent to Linear via CLI commands.
Evidence: Code branches are pushed to remote servers to create Merge Requests.
Context: This behavior is intended and documented as part of the skill's workflow.
[COMMAND_EXECUTION]: Indirect input risk assessment:
Ingestion points: Branch names and the .linear-project file.
Boundary markers: None used during shell interpolation.
Capability inventory: Significant use of the Bash tool for external CLI interactions.
Sanitization: Only basic whitespace trimming is performed on input data.

finish-task