Semantic Version Advisor
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill's core workflows involve using WebFetch and WebSearch to retrieve and analyze external data such as changelogs and dependency information (File: SKILL.md). It lacks explicit instructions for the agent to ignore embedded instructions or use boundary markers when processing this untrusted external content, creating a surface for indirect prompt injection.
- External Downloads & Remote Code Execution (MEDIUM): In the 'Integration with Other Tools' section (File: SKILL.md), the skill suggests executing commands like npx ncu --jsonUpgraded. The npx utility is designed to download and execute packages from the npm registry. If an agent automatically attempts these integrations while researching a package, it may execute unverified remote code.
- Data Exposure (LOW): The skill points to a local file path ~/.claude/standards/semver.md for full specifications. While likely intended as a reference, accessing files within hidden configuration directories (.claude) can be a precursor to exploring sensitive agent metadata.
Audit Metadata