export-pipeline
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities or malicious patterns were identified in the skill. The instructions focus on legitimate game development and deployment workflows.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the official itch.io deployment tool, butler, from its documented infrastructure (broth.itch.ovh). This is a standard and expected operation for game distribution.
- [EXTERNAL_DOWNLOADS]: The GitHub Actions example references established community actions (chickensoft-games/setup-godot, Ayowel/butler-to-itch) which are commonly used in the Godot ecosystem.
- [COMMAND_EXECUTION]: Shell commands used (e.g., mkdir, chmod, sed, godot --headless) are routine for build automation, directory management, and setting file permissions on exported binaries.
- [CREDENTIALS_UNSAFE]: The skill explicitly emphasizes security best practices for secret management, instructing users to never commit passwords or keys to version control and instead use secure alternatives like environment variables or CI secrets.
Audit Metadata