skills/manaflow-ai/cmux/cmux-release/Gen Agent Trust Hub

cmux-release

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes repository-local shell scripts ./scripts/bump-version.sh and ./scripts/release-pretag-guard.sh to handle versioning logic and pre-release verification.
  • [COMMAND_EXECUTION]: It employs standard command-line interfaces including git for tag management and pushing, and the GitHub CLI (gh) to watch release workflow status.
  • [SAFE]: References to sensitive secrets (e.g., Apple certificate passwords) are documented only as environment requirements for the GitHub Actions pipeline; no credentials are hardcoded or exfiltrated.
  • [SAFE]: All external download links and repository references point to the vendor's official GitHub organization (manaflow-ai), representing legitimate development workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 10:01 PM
Security Audit — agent-trust-hub — cmux-release