Skills
skills/blogic-cz/agent-tools/update-packages/Gen Agent Trust Hub

update-packages

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted external data.\n
  • Ingestion points: references/check-outdated.ts fetches release note bodies from the GitHub API and stores them in outdated-changelog.json.\n
  • Boundary markers: Absent. No delimiters or instructions are used to separate the external content from the agent's primary instructions.\n
  • Capability inventory: SKILL.md directs the agent to auto-implement configuration changes (T0/T1 features) and run bun run check and git commit.\n
  • Sanitization: Absent. The script does not validate or sanitize the release note content.\n- [REMOTE_CODE_EXECUTION]: The script references/skills-update-local.ts uses Bun.spawn to run bunx skills@latest add, which downloads and installs agent skills from remote GitHub repositories based on a local lockfile.\n- [COMMAND_EXECUTION]: The skill relies on shell command execution to perform its primary functions, including bun run, git checkout, and git commit to manage dependencies and version control.\n- [EXTERNAL_DOWNLOADS]: The skill connects to the npm registry (registry.npmjs.org) and the GitHub API (api.github.com) to fetch package metadata and release history.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 06:40 AM