doc-smith-publish
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its primary function of publishing local documentation to a remote hub. All network communications are directed to the vendor's official domain (docsmith.aigne.io) or trusted well-known services (GitHub API).
- [COMMAND_EXECUTION]: Local command execution is limited to standard project maintenance tasks, such as 'npm install' for dependency resolution and 'git remote' for retrieving repository metadata. These operations are restricted to the local workspace context.
- [EXTERNAL_DOWNLOADS]: The skill fetches necessary Node.js dependencies from the official NPM registry and documentation configuration from established sources. All downloads originate from trusted or well-known repositories.
- [CREDENTIALS_UNSAFE]: While the skill handles access tokens, it implements secure practices by utilizing a secret storage library (@aigne/secrets) to persist credentials in the user's home directory (~/.aigne/) or the system keyring, rather than hardcoding them or leaving them in plain text prompts.
Audit Metadata