publish-python-package-pypi

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use standard Python development and build tools.
      • Execution of pdm build, pdm run ruff, and pdm run pytest for package validation and testing.
      • Use of python -m pip install to manage development dependencies such as pdm.
  • [EXTERNAL_DOWNLOADS]: The provided GitHub Action templates reference external components for the CI/CD pipeline.
      • Fetches official GitHub Actions (actions/checkout, actions/setup-python) and a community-standard action (pypa/gh-action-pypi-publish). Note that the version numbers specified in the baseline patterns (v6.x) are ahead of the current official releases.
      • References a vendor-owned action, btfranklin/release-notes-scribe, for automated documentation tasks.
  • [PROMPT_INJECTION]: The draft-release-notes.yml workflow presents a surface for indirect prompt injection, as it processes external repository content.
      • Ingestion points: The workflow (via the release-notes-scribe action) ingests Pull Request titles, body text, and commit messages from the repository.
      • Boundary markers: The provided template does not include explicit delimiters or instructions to the LLM to isolate or ignore potentially malicious content within the ingested data.
      • Capability inventory: The workflow requires contents: write permissions to automate the creation of draft releases on GitHub.
      • Sanitization: No explicit sanitization or validation steps are defined for the repository data before it is processed for release note generation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 05:28 PM
Security Audit — agent-trust-hub — publish-python-package-pypi