Linear

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill depends on the official @linear/sdk package for interacting with the Linear API. It also references the lin CLI (aaronkwhite/linear-cli) as an optional tool for faster execution, which is recommended for installation via standard package managers like Homebrew or Cargo.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to run its own scripts and interface with external CLIs like git, lin, and linear. These operations are well-documented and essential for the skill's project management functionality, including status updates and issue tracking.
  • [DATA_EXFILTRATION]: The skill provides a utility, extract-image.ts, which reads Claude Code session logs from the local filesystem (~/.claude/projects/) to retrieve base64-encoded images shared in the conversation. These images are then uploaded to Linear's official S3 storage via upload-image.ts to be attached to issues. This behavior is a legitimate functional requirement for image support within the Linear integration.
  • [SAFE]: The skill demonstrates high quality and maturity, including integrated smoke tests, TypeScript type checking, and clear security guidance regarding the masking and management of API keys using environment variables or secret management tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 06:59 AM
Security Audit — agent-trust-hub — Linear