semantic-release
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard release automation workflows using established tools such as semantic-release, npm, and the GitHub CLI. No malicious code, exfiltration patterns, or unauthorized access attempts were detected.
- [COMMAND_EXECUTION]: The skill uses Bash and Node.js scripts to automate project initialization, version synchronization, and documentation linking. These scripts perform standard local operations (Git commands, file editing with sed/perl, and npm package installation) and include interactive confirmation prompts for safety.
- [SAFE]: The skill includes an interactive 'MAJOR Version Breaking Change Confirmation' workflow using the AskUserQuestion feature. This provides a human-in-the-loop verification step when breaking changes are detected in commit history, preventing accidental major version bumps.
- [SAFE]: Credential management follows security best practices by using the GitHub CLI's internal keyring and 'mise' environment configuration to manage tokens, rather than hardcoding secrets. The documentation explicitly warns against using manual personal access tokens and recommends secure web-based authentication instead.
Audit Metadata