Skills
skills/continuedev/skills/polish-repo/Gen Agent Trust Hub

polish-repo

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE] (SAFE): The NPM publishing guide correctly implements security best practices by utilizing GitHub OIDC (OpenID Connect) via the id-token: write permission. This allows publishing to npm without the need for a persistent NPM_TOKEN secret.
  • [EXTERNAL_DOWNLOADS] (SAFE): The Go guide provides a template for binary installation using curl. While curl | tar is a manual installation pattern, it is presented as user documentation for a specific GitHub organization (continuedev) rather than a script for the agent to execute on the host.
  • [COMMAND_EXECUTION] (SAFE): Use of sudo mv is included in the installation documentation. This is a standard procedure for moving CLI binaries to protected system directories like /usr/local/bin/ and does not represent an attempt by the skill to escalate its own privileges.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 02:02 AM