update-packages
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands using `bun`, `npm`, and a utility named `but`. These are used for dependency management, running tests, and git branch operations. The `but` command is recognized as a vendor-specific tool consistent with the author's context.
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to synchronize Docker image versions with `mcr.microsoft.com/playwright`. This repository is owned by Microsoft, which is a well-known and trusted service provider.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing data from external sources.
  - Ingestion points: The agent reads contents from `package.json`, `Dockerfile`, CI/CD YAML files, and the output of the `npm view` command.
  - Boundary markers: The instructions lack explicit delimiters or 'ignore' directives for content processed from these files, which could lead to the agent inadvertently following instructions embedded in malicious package metadata or project files.
  - Capability inventory: The skill has the capability to write to the local file system and execute shell commands (`bun`, `npm`, `but`).
  - Sanitization: No sanitization or validation of the data retrieved from external registries or processed files is specified before it is used in further operations.
Audit Metadata