kotlin-maven-central-publish

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Analysis of the skill instructions and example code reveals no malicious patterns or security risks.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive information, such as GPG keys and Sonatype credentials, by instructing the user to configure them as GitHub Secrets. This is the recommended secure approach for CI/CD pipelines, and no hardcoded secrets were found in the provided files.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the com.vanniktech.maven.publish Gradle plugin and official GitHub Actions from the actions/ and gradle/ organizations. These are recognized as well-known and trusted resources within the software development ecosystem.
  • [COMMAND_EXECUTION]: Shell commands provided for local verification and GPG key setup are standard development operations and do not involve suspicious execution patterns or unsanitized input injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 11:45 PM