npm-trusted-publishing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill contains no executable scripts or code. It serves as an instructional guide for users to configure their own GitHub Actions workflows.
- [CREDENTIALS_UNSAFE] (SAFE): No secrets or hardcoded credentials detected. The content specifically advises against using static NPM_TOKENs.
- [EXTERNAL_DOWNLOADS] (SAFE): References official and trusted sources including GitHub-maintained Actions (actions/checkout, actions/setup-node) and the npm package manager itself.
Audit Metadata