electron-builder
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [SAFE]: The skill serves as an instructional guide for the well-known and trusted
electron-builderecosystem, providing legitimate configuration examples and best practices. - [EXTERNAL_DOWNLOADS]: References the installation of common development dependencies such as
electron-builder,electron-updater,electron-log, and@electron/notarizefrom the official npm registry. - [COMMAND_EXECUTION]: Documents the use of various CLI commands (e.g.,
electron-builder --mac,pnpm add) necessary for the application packaging and distribution process. - [DATA_EXFILTRATION]: Describes the use of environment variables for handling sensitive credentials (e.g.,
GH_TOKEN,AWS_ACCESS_KEY_ID,APPLE_APP_SPECIFIC_PASSWORD) required for publishing artifacts and code signing. The guide properly advocates for using environment variables rather than hardcoding secrets. - [REMOTE_CODE_EXECUTION]: Provides instructions for implementing 'Build Hooks' (
beforePack,afterSign, etc.), which allow developers to execute custom JavaScript/TypeScript scripts during specific phases of the build pipeline.
Audit Metadata