blocklet-updater
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill identifies and executes arbitrary commands derived from local project files, such as
make bump-versionorpnpm run build. This allows the owner of the target project to run arbitrary shell commands on the runner system. - EXTERNAL_DOWNLOADS (MEDIUM): The workflow executes
pnpm install, which downloads and installs third-party packages from the public npm registry. This is a standard but unverifiable external dependency risk. - PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface as it parses untrusted local files like
CHANGELOG.mdandblocklet.ymlto populate variables used in shell commands and file-system operations. Ingestion points: package.json, Makefile, CHANGELOG.md, blocklet.yml. Boundary markers: None present. Capability inventory: Shell execution (pnpm, make, lerna, git, blocklet) and file modification (sed). Sanitization: No validation or escaping is performed on script names or versions extracted from the project files.
Audit Metadata