skill-model-updater

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • Data Exfiltration (LOW): The skill possesses the capability to read all local SKILL.md files and the project's CLAUDE.md while simultaneously having outbound network access via WebFetch and WebSearch. This combination of read access to potentially sensitive project metadata and external network capability constitutes a standard surface for data exfiltration.
  • External Downloads (LOW): The skill uses WebFetch to ingest content from docs.anthropic.com. While this is an appropriate source for the skill's purpose, it introduces external data into the agent's context.
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from the internet to influence local file modifications.
      • Ingestion points: WebSearch results and WebFetch of the Anthropic models documentation page.
      • Boundary markers: Absent; there are no instructions to the agent to treat the fetched content as data only or to ignore embedded instructions.
      • Capability inventory: The Edit tool is used to modify SKILL.md and CLAUDE.md based on the fetched data.
      • Sanitization: Absent; the skill lacks explicit validation or pattern matching to ensure the 'discovered' model IDs are safe strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 18, 2026, 07:19 AM