verify-releases
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Credential Storage Configuration: The instructions for configuring NuGet authentication involve storing a token in clear text on the local filesystem. This is a common requirement for accessing certain GitHub Packages feeds, though users should be aware that it stores sensitive information in an unencrypted format.
- External Dependency Installation: The skill installs the
release-notestool from a personal GitHub Packages repository. While this tool is necessary for the skill's validation logic, it introduces a dependency on an external source outside of official organization-managed package registries. - Command Execution: To perform its validation tasks, the skill executes various shell commands, including
dotnet tooloperations andnpxfor linting. These commands are integral to the skill's purpose of verifying release integrity and reporting results.
Audit Metadata