Skills
skills/bytelandtechnology/cli-forge/cli-forge-publish/Gen Agent Trust Hub

cli-forge-publish

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Node.js and shell scripts to automate build and release tasks, executing standard development tools such as cargo for Rust builds, npm for package management, and the GitHub CLI (gh) for repository operations. Input validation is performed on package names and identifiers in validate-config.mjs to ensure they conform to expected formats.
  • [EXTERNAL_DOWNLOADS]: The automation fetches build tools and artifacts from well-known sources:
  • The llvm-mingw toolchain is downloaded from its official GitHub repository for cross-compilation tasks.
  • The install-current-release.sh helper downloads release archives from GitHub, verifying integrity via SHA-256 checksums.
  • System-level dependencies are installed via established package managers (brew, apt-get).
  • [REMOTE_CODE_EXECUTION]: The CI workflow and rehearsal scripts use npx to execute semantic-release and its standard plugin suite. This represents standard industry practice for automated software releases and relies on the security of the official npm registry.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 08:47 AM
Security Audit — agent-trust-hub — cli-forge-publish