update-packages

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the execution of multiple local TypeScript scripts (check-outdated.ts, report.ts, skills-update-local.ts) using the bun run command. It also performs standard development operations including git branch management and bun install.
  • [EXTERNAL_DOWNLOADS]: The check-outdated.ts script fetches package metadata from registry.npmjs.org and detailed release notes from the GitHub API (api.github.com). While these are well-known services, the retrieved content is used to influence agent decisions.
  • [REMOTE_CODE_EXECUTION]: The skills-update-local.ts script uses bunx to download and execute the skills package from the npm registry. Furthermore, it uses the skills add command to download and install additional skills from arbitrary GitHub repositories listed in the project's skills-lock.json file.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via package release notes. The main instructions in SKILL.md direct the agent to 'Auto-implement' changes (classified as Tier T0/T1) discovered in the releases[] field of the outdated-changelog.json file. A malicious maintainer or attacker could craft release notes containing instructions that the agent would then apply to the project's configuration files without sufficient sanitization.
  • Ingestion points: GitHub Release Notes API results fetched into outdated-changelog.json (via check-outdated.ts).
  • Boundary markers: No explicit delimiters or instructions are used to separate external release notes from the agent's trusted context.
  • Capability inventory: The agent has the capability to write to configuration files (SKILL.md Step 2) and execute verification tests (bun run check).
  • Sanitization: No sanitization or validation of the release note body content is performed before the agent processes it for 'T0/T1' adoption.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 10:17 AM