Skills
skills/jianshuo/claude-skills/wjs-publishing-hugo/Gen Agent Trust Hub

wjs-publishing-hugo

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell scripts and Python's subprocess module to perform routine maintenance tasks.
  • scripts/publish.sh executes git push to synchronize changes with the user's remote repository.
  • scripts/add-image.py utilizes the macOS sips utility to resize images locally before they are committed.
  • scripts/categories.sh uses grep, sort, and uniq to parse the content/ directory for existing metadata.
  • [EXTERNAL_DOWNLOADS]: The documentation provides a sample GitHub Actions workflow (deploy.yml) that downloads the Hugo binary from the official Hugo repository on GitHub. This is a well-known, trusted source for the tool required to build the blog.
  • [DATA_EXFILTRATION]: While the skill performs network operations by pushing content to GitHub, this behavior is the primary intended function of a publishing skill. It operates within the scope of the user's own repository and credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 09:09 AM
Security Audit — agent-trust-hub — wjs-publishing-hugo