kata-new-project
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands to perform environment checks, initialize git repositories, and manage directory structures. It also executes local scripts included in the skill package (scaffold-intel.cjs and setup-worktrees.sh) to automate the project setup process.
- [EXTERNAL_DOWNLOADS]: The skill scaffolds a GitHub Actions workflow (release.yml) for automated npm publishing. This workflow utilizes official and widely trusted actions from GitHub's marketplace (actions/checkout, actions/setup-node, and softprops/action-gh-release).
- [DATA_EXFILTRATION]: Interaction with external services is limited to the official GitHub CLI (gh) for creating repositories and checking authentication status, which is performed only after explicit user confirmation.
- [SAFE]: The skill follows security best practices for secret management by instructing the user to store sensitive tokens (like NPM_TOKEN) in GitHub Repository Secrets rather than hardcoding them in the workflow files.