release
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses various shell commands to manage the software lifecycle, including `pnpm` for building and testing, `git` for version control operations (tagging, pushing), and the GitHub CLI (`gh`) for creating releases.
- [EXTERNAL_DOWNLOADS]: Includes a post-publish verification step that installs the newly released package globally using `npm i -g` to confirm deployment success.
- [DATA_EXFILTRATION]: As part of its primary function, the skill transmits project artifacts to the npm registry and GitHub. It also contains hardcoded account identifiers (Apple ID and Team ID) used for mobile builds, which is a form of metadata exposure specific to the target project environment.
Audit Metadata