update-release-graph
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [Credential Management Consideration]: The skill provides instructions to add a NuGet source using the `--store-password-in-clear-text` flag. This practice saves the provided GitHub token in plain text within the local NuGet configuration file, which may expose the token to other processes or users on the system.
- [External Tool Installation]: The workflow requires the installation of a global .NET tool (`release-notes`) from a specific personal GitHub Packages repository. While the tool is necessary for the skill's functionality, it is hosted outside of the official organizational registries.
- [Command Execution]: The skill involves executing various shell commands for tool installation, data validation via Python, and repository management via the GitHub CLI. These operations are consistent with the skill's purpose but require the agent to have execution permissions in the local environment.
Audit Metadata