update-everything
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently executes local shell scripts (e.g.,
./scripts/updateEverything.sh,./scripts/syncToolchainVersions.sh, and./packages/client/scripts/downloadGradleWrapper.sh) and standard package management tools includingpnpm,npm,bundle,pod, andgradlew. These operations are central to the skill's purpose of automating repository updates. - [EXTERNAL_DOWNLOADS]: The skill fetches version metadata from well-known technology providers to align local configurations. Specifically, it references
https://releases.electronjs.org/releases.jsonfor Node.js alignment andhttps://dl.google.com/android/repository/repository2-1.xmlfor Android SDK levels. - [PROMPT_INJECTION]: The skill processes untrusted external data which could potentially contain malicious instructions targeting the agent's logic.
- Ingestion points: Data is ingested from external APIs (Electron releases, Google Android repository) and local project files (e.g.,
package.json,Gemfile.lock,.nvmrc). - Boundary markers: No explicit boundary markers or "ignore embedded instructions" warnings are documented for the processing of this external metadata.
- Capability inventory: The skill possesses high-privilege capabilities within the environment, including shell script execution, package installation, and modification of sensitive configuration files.
- Sanitization: There is no mention of sanitization or schema validation of the remote JSON/XML metadata before it is used to influence local toolchain versions and script execution paths.
Audit Metadata