publish-npm-package

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a set of configuration guides and workflow templates for npm publishing via GitHub Actions.
  • [CREDENTIALS_UNSAFE]: The skill follows security best practices by advising against hardcoding tokens. It correctly recommends using GitHub Secrets and environment variables for sensitive data.
  • [DATA_EXFILTRATION]: Local diagnostic commands are included to check for existing credentials (e.g., checking shell profiles for NPM_TOKEN), which are transparently presented for user troubleshooting.
  • [EXTERNAL_DOWNLOADS]: All recommended external dependencies (such as semantic-release, @changesets/cli, and tsup) are well-known, industry-standard packages from the official npm registry.
  • [PROMPT_INJECTION]: No malicious instruction overrides or bypasses were detected. Phrases like 'IMPORTANT' or 'CRITICAL' are used appropriately for technical steering.
  • [COMMAND_EXECUTION]: The skill uses standard developer tools (npm, gh, git) in a safe and conventional manner within the context of CI/CD setup.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:49 PM