semantic-release
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing official, widely used packages from the @semantic-release organization, which is standard practice for this tool.
- [COMMAND_EXECUTION]: Includes standard instructions for package installation (npm install) and release execution (npx semantic-release) within CI/CD pipelines.
- [CREDENTIALS_UNSAFE]: Documentation correctly advises users to use environment variables and GitHub Secrets (e.g., ${{ secrets.NPM_TOKEN }}) for authentication, preventing hardcoded credentials.
- [DATA_EXFILTRATION]: No unauthorized network connections or sensitive data access patterns were detected; the tool operates on standard project files like package.json.
Audit Metadata