Release Process Skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation for a standard release process. No malicious patterns were detected.
- [COMMAND_EXECUTION]: Describes the execution of local PowerShell scripts and the vsce CLI tool for extension publishing. These are standard operations for the stated purpose of the skill.
- [CREDENTIALS_UNSAFE]: Provides guidance on managing Personal Access Tokens (PATs) for the VS Code Marketplace. It correctly identifies these as sensitive and suggests using environment variables or gitignored .env files.
- [EXTERNAL_DOWNLOADS]: References the vsce package from Microsoft (a trusted organization) and official documentation from Microsoft domains.
- [PROMPT_INJECTION]: The skill processes repository files such as package.json and CHANGELOG.md (ingestion points) and has the capability to execute scripts and CLI tools (capability inventory). No explicit boundary markers or sanitization are defined for these untrusted inputs, representing a standard surface area for indirect injection.
Audit Metadata