github-pages-publisher

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The Python script scripts/publish_static.py executes git commands using subprocess.run with list-based arguments, which is a secure method that prevents shell command injection.
  • [CREDENTIALS_UNSAFE]: The skill requires a GitHub token (GHPAGES_TOKEN) for authentication, which is correctly managed through environment variables. The instructions explicitly warn against exposing this token in output or committed files.
  • [EXTERNAL_DOWNLOADS]: The script performs a git clone from GitHub to manage deployment. This targets a well-known service and is a functional requirement for the skill.
  • [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were identified. The script copies files from a local source to a configured remote repository as part of its primary publishing workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 03:25 AM