android-playstore-publishing
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill facilitates standard CI/CD practices for mobile application publishing.
- [EXTERNAL_DOWNLOADS]: References official GitHub-maintained actions (e.g., actions/checkout, actions/setup-java, actions/upload-artifact) and widely used, reputable community actions (r0adkll/upload-google-play, reactivecircus/android-emulator-runner, softprops/action-gh-release) for deployment and testing.
- [COMMAND_EXECUTION]: Uses local shell commands for project building (gradlew), YAML validation (yamllint), and version management (sed, grep). These operations are restricted to the CI/CD environment and perform expected tasks.
- [CREDENTIALS_UNSAFE]: Appropriately handles sensitive data by instructing the user to store service account keys and signing credentials in GitHub Secrets. The workflows include steps to decode base64-encoded keystores and ensure they are deleted from the runner immediately after the build process completes.
Audit Metadata