minecraft-ci-release
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation correctly emphasizes security best practices by instructing users to manage API tokens (e.g., MODRINTH_TOKEN, CURSEFORGE_TOKEN) through GitHub Secrets and environment variables. All code snippets use placeholders instead of hardcoded sensitive information.
- [EXTERNAL_DOWNLOADS]: The CI/CD workflow templates utilize well-known and reputable GitHub Actions (actions/checkout, actions/setup-java, gradle/actions) and standard community Gradle plugins (minotaur, curseforgegradle) from established sources.
- [COMMAND_EXECUTION]: The skill includes shell scripts for common development tasks such as Git tagging and versioning. These scripts use standard system commands like 'sed' and 'git' to manage project metadata.
- [REMOTE_CODE_EXECUTION]: A bundled validator script ('validate-workflow-snippets.sh') executes a local, minified version of the 'js-yaml' library using Node.js. This utility is used to verify the syntax and integrity of the documentation's YAML snippets and does not perform network operations or access sensitive system files.
Audit Metadata