linear-sync
Audited by Socket on Feb 27, 2026
1 alert found:
Malware
The skill presents a coherent, purpose-aligned orchestration for Linear-GitHub sync, with clearly defined roles for a foreground subagent and Bash API mutations. The dependency on local state files and repository config is expected for a tightly integrated supply-chain tooling flow. While the overall footprint is appropriate for its stated purpose, the design includes areas that could impact security and reliability if misconfigured: parallel API calls, automatic ownership changes, and state/config writes to the local filesystem. No hardcoded secrets or obvious credential exfiltration patterns are evident in the provided material, but credential-containing state/files and shell-based API flows warrant careful access control, input validation, and robust error handling to prevent leakage or unauthorized mutations. Overall risk is medium (suspicious-but-benign) given the powerful automation and data flows, with elevated caution recommended for deployment in shared or untrusted environments.