codervisor-forge
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a project infrastructure and automation toolkit. Analysis of its components (templates, scripts, and workflows) confirms that its operations are aligned with its stated purpose of managing Rust and Node.js monorepos.
- [COMMAND_EXECUTION]: The skill includes scripts (e.g., publish-main-packages.ts, publish-platform-packages.ts) that utilize execSync and execFileSync to execute standard development tools such as npm and pnpm. Additionally, the bin.js wrapper template uses execFileSync to launch the platform-specific native binary, which is the standard implementation for this architectural pattern.
- [EXTERNAL_DOWNLOADS]: The skill utilizes several GitHub Actions to automate build and publishing tasks. These include both the author's own actions (e.g., codervisor/forge/actions/setup-workspace) and widely used, trusted actions from the community (e.g., actions/checkout, dtolnay/rust-toolchain, Swatinem/rust-cache). These references are documented neutrally as they originate from trusted or well-known sources.
- [DATA_EXFILTRATION]: Network operations within the skill's scripts and workflows are strictly limited to necessary interactions with the npm registry for package publication and GitHub for repository management. No unauthorized data collection or exfiltration patterns were observed.
Audit Metadata