release-automation-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references industry-standard packages and GitHub Actions including '@changesets/cli', 'semantic-release', and 'actions/checkout'. These downloads originate from trusted registries (npm) and official repositories.
- [COMMAND_EXECUTION] (SAFE): The provided shell scripts and YAML workflow snippets (e.g., 'npm ci', 'npx semantic-release') are standard for release automation and are intended to be executed within a user's controlled CI environment.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly demonstrates the use of GitHub Secrets (e.g., '${{ secrets.NPM_TOKEN }}') for authentication instead of hardcoding sensitive credentials.
- [DATA_EXPOSURE] (SAFE): File access is limited to standard project configuration files like 'package.json' for versioning logic, with no evidence of sensitive data exfiltration.
Audit Metadata