Linear Issues

The skill's core script, `scripts/linear.sh`, constructs GraphQL queries by directly embedding user-provided arguments (such as issue titles, descriptions, search terms, and comment bodies) into the JSON query string without proper sanitization. This creates a GraphQL injection vulnerability, which could allow a malicious actor to alter the intended API call, potentially leading to unauthorized data access or manipulation within the Linear API. While the skill's stated purpose is benign, this implementation flaw represents a significant security risk.