changelog-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install standard developer tools from public registries like npm and PyPI (e.g.,
@commitlint/cli,standard-version,commitizen). All referenced packages are well-known in the developer ecosystem. - [COMMAND_EXECUTION]: Includes various shell commands for configuring git hooks, initializing configuration files via
cat, and executing release workflows. These commands are standard for project setup and automation. - [SAFE]: The provided GitHub Actions templates correctly use environment-based secret management (
${{ secrets.GITHUB_TOKEN }},${{ secrets.NPM_TOKEN }}) rather than hardcoding credentials, which is consistent with security best practices.
Audit Metadata