package-publishing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely informational, providing documentation and configuration snippets for npm package management without including any executable scripts or malicious instructions.
- [SAFE]: All external tools referenced (e.g., tsup, publint, rollup) are well-known, industry-standard utilities in the JavaScript ecosystem.
- [SAFE]: The skill promotes secure supply-chain practices, such as using the 'files' allowlist to prevent data exposure and enabling provenance attestation in CI/CD pipelines.
Audit Metadata