Linear
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill depends on the official
@linear/sdkpackage for interacting with the Linear API. It also references thelinCLI (aaronkwhite/linear-cli) as an optional tool for faster execution, which is recommended for installation via standard package managers like Homebrew or Cargo. - [COMMAND_EXECUTION]: The skill makes extensive use of the
Bashtool to run its own scripts and interface with external CLIs likegit,lin, andlinear. These operations are well-documented and essential for the skill's project management functionality, including status updates and issue tracking. - [DATA_EXFILTRATION]: The skill provides a utility,
extract-image.ts, which reads Claude Code session logs from the local filesystem (~/.claude/projects/) to retrieve base64-encoded images shared in the conversation. These images are then uploaded to Linear's official S3 storage viaupload-image.tsto be attached to issues. This behavior is a legitimate functional requirement for image support within the Linear integration. - [SAFE]: The skill demonstrates high quality and maturity, including integrated smoke tests, TypeScript type checking, and clear security guidance regarding the masking and management of API keys using environment variables or secret management tools.
Audit Metadata