sourcecraft-publisher

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/publish_static.py uses subprocess.run to execute git commands for repository management, including cloning, staging, committing, and pushing changes.
  • [EXTERNAL_DOWNLOADS]: The skill performs a shallow clone of repositories from the git.sourcecraft.dev domain to manage the publishing workflow.
  • [DATA_EXFILTRATION]: The skill transmits user-provided artifacts to external SourceCraft repositories. This is the intended behavior for the deployment of static sites and is directed toward a well-known cloud infrastructure provider.
  • [CREDENTIALS_UNSAFE]: The skill requires an OAuth2 token for repository access. The script handles this token to authenticate Git operations. While the token is used in a remote URL for automation, the operation occurs within a temporary directory to minimize persistence risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 03:24 AM