release
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a series of shell commands to automate the release process. This includes using git for state management, npm for building and testing, and the GitHub CLI (gh) for creating pull requests and releases. These operations are standard for the stated purpose of release management.
- [REMOTE_CODE_EXECUTION]: For verification purposes, the skill executes the package's own CLI in Step 8 (local build) and Step 15 (isolated install). This 'dogfooding' approach is a standard quality assurance practice to ensure the artifact functions correctly before and after publication.
- [EXTERNAL_DOWNLOADS]: The workflow includes steps to download and install the newly published package from the npm registry (Step 15) to verify the installation process in a clean environment. This targets the official npm registry, a well-known service.
- [DATA_EXFILTRATION]: The skill is designed to publish the project's source code to the public npm registry. This is the intended primary function of the release skill and is performed using standard package management tools with user oversight.
Audit Metadata