upgrade
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches versioning information and source code from the author's GitHub repository (github.com/canhta/deliverable) to facilitate the update process.
- [COMMAND_EXECUTION]: Utilizes system commands such as git, curl, and npx to manage installation detection and file synchronization. These operations are limited to the skill's defined installation directories.
- [PROMPT_INJECTION]: Ingestion point: Remote version data from raw.githubusercontent.com (SKILL.md); Boundary markers: Absent; Capability inventory: Shell execution via git, npx, and curl (SKILL.md); Sanitization: Absent. The surface for indirect injection exists but the source is the author's own repository.
Audit Metadata