publish-npm-package
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides high-quality guidance for setting up CI/CD workflows using trusted industry-standard tools like Changesets, release-please, and semantic-release.
- [SAFE]: It explicitly incorporates security hardening techniques, such as pinning GitHub Actions to specific commit SHAs and using OIDC to eliminate the need for long-lived secrets.
- [SAFE]: The provided troubleshooting and configuration templates demonstrate a strong understanding of security risks, including specific warnings and remediations for command injection vulnerabilities in workflow files.
- [SAFE]: All external references and dependencies are directed toward well-known technology providers and official registries.