sync

SUSPICIOUS due to install/execution trust, not because the workflow is misaligned. The skill’s git/Linear/project-reading capabilities match its purpose, and its data flows are mostly direct and proportionate. The main concern is reliance on a non-official third-party `linear` CLI for authenticated Linear operations, which creates a medium supply-chain and credential-forwarding risk even though the tool appears open-source and verifiable.