upgrade-deps
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads package metadata from pypi.org and repository release information from api.github.com. These are well-known technology services and the data is necessary for identifying the latest versions of dependencies.
- [REMOTE_CODE_EXECUTION]: Data retrieved from the PyPI and GitHub APIs is piped to python3 -c for processing. While this involves passing network-sourced data to an interpreter, the commands are used strictly for parsing JSON metadata. This is a common pattern for structured data extraction in automation scripts.
- [COMMAND_EXECUTION]: The skill executes local commands including uv, pytest, pre-commit, and git to manage the development environment, verify compatibility of upgrades, and commit changes. These actions are within the expected scope of a dependency management skill.