Skills
skills/metyatech/skill-release-publish/release-publish/Gen Agent Trust Hub

release-publish

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes use of administrative commands including sudo and Windows RunAs for tasks requiring elevated privileges. It also provides specific .NET alternatives for shell commands like Remove-Item to ensure functionality across different environments.
  • [EXTERNAL_DOWNLOADS]: The skill installs several Node.js utilities from the author's own scope (e.g., compose-agentsmd, @metyatech/task-tracker, @metyatech/thread-inbox) and fetches updated agent rules from a remote GitHub repository (metyatech/agent-rules).
  • [REMOTE_CODE_EXECUTION]: The verification workflow uses npx to fetch and execute the latest version of a package from the registry to confirm it was published correctly.
  • [DATA_EXFILTRATION]: The instructions note that an automation token is configured for npm publish operations within the author's scope, though no secrets are hardcoded in the skill itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 07:23 AM