setup-semantic-release

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard shell commands (npm install, npx, echo, rm) to configure the local development environment and initialize git hooks. These operations are transparent and necessary for the stated purpose of setting up a release workflow.
  • [EXTERNAL_DOWNLOADS]: Fetches widely-used, well-maintained development dependencies from the npm registry, such as semantic-release, @commitlint/cli, and husky. These are standard tools in the Node.js ecosystem for managing releases and git hooks.
  • [CREDENTIALS_SAFE]: The skill follows security best practices for secret management by utilizing GitHub Actions secrets (${{ secrets.GITHUB_TOKEN }} and ${{ secrets.NPM_TOKEN }}) in the provided CI configuration, preventing the exposure of sensitive credentials.
  • [REMOTE_CODE_EXECUTION]: The skill generates local configuration files (commitlint.config.js, .releaserc.json, .husky/commit-msg) and a GitHub Actions workflow. All generated content is static, transparent, and intended for legitimate automation purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 05:09 PM