publish-npm-package

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill instructions promote high-security standards, specifically encouraging OIDC trusted publishing to remove long-lived secrets from CI environments.
  • [SAFE]: Included diagnostic scripts (check-package-json.mjs, check-npm-auth.sh, dry-run-publish.sh) are well-structured for local validation and do not perform any unauthorized network operations or data exfiltration.
  • [SAFE]: The documentation includes extensive guidance on supply chain security, such as auditing dependencies, pinning actions to immutable commit SHAs, and configuring least-privilege permissions for GitHub tokens.
  • [SAFE]: External URLs and dependencies referenced in the documentation target trusted organizations (e.g., Google, Changesets) and well-known services (e.g., unpkg.com), which are considered safe according to trust rules.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 10:40 PM