release-please
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [SAFE]: The skill content is purely instructional, providing guidance on setting up versioning and release automation using established tools from a reputable source.
- [EXTERNAL_DOWNLOADS]: The skill references the official GitHub Action
googleapis/release-please-actionand configuration schemas hosted on GitHub. These sources are managed by the googleapis organization, a well-known and trusted entity in the software development ecosystem. - [COMMAND_EXECUTION]: The playbooks define GitHub Actions workflow configurations that execute automated release processes. These commands are localized to the CI/CD environment and are standard for the tool's intended purpose of managing repository metadata and releases.
- [DATA_EXFILTRATION]: The skill discusses the management of
GITHUB_TOKENand Personal Access Tokens (PATs). It correctly recommends the principle of least privilege by specifying the minimum required scopes (contents: write,pull-requests: write) and uses standard GitHub Action secrets syntax to ensure credentials are not hardcoded or exposed.
Audit Metadata