bump-deps

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Prompt Injection (LOW): The <user-guidelines> block in SKILL.md interpolates $ARGUMENTS directly, so a user can supply instructions that override the skill's core logic or bypass its safety constraints.
  • Indirect Prompt Injection (LOW):
    • Ingestion points: The package-upgrade-analyzer sub-agent reads changelogs and READMEs from external GitHub repository URLs (repo_url), which are attacker-controlled.
    • Boundary markers: Absent. Nothing delimits the fetched content or tells the sub-agent to ignore instructions embedded in the changelogs or READMEs it analyzes.
    • Capability inventory: The skill can execute shell commands (gh, pnpm, uv), write to the filesystem, and delete files (rm).
    • Sanitization: None. Content from those external sources feeds into the Plan tool's actions without sanitization.
  • Command Execution (LOW): The skill builds a PR_TITLE from package names and runs gh pr create through bash as a command string. A package name containing shell metacharacters (backticks or a $(...) subshell) would be expanded by the shell when that string is parsed, giving command execution inside the skill's environment.
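The command-execution finding above, as an added example that is not the bump-deps skill's own code (the page does not reproduce SKILL.md): a POSIX shell script that builds a PR title from package names, shows the unsafe splice of that title into a `sh -c` command string next to the argv-based call, and adds an allow-list check on package names. The title format, the allowed character set, the constructed malicious package name and the `gh` stub are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the bump-deps skill's code. The "chore(deps): bump ..."
# title format and the package-name character set are assumptions; `gh` is
# replaced by a stub so the script runs offline.

# Allow-list check for package names (assumption: letters, digits, @ / . _ -
# cover scoped and unscoped npm names and PyPI names; anything else is refused).
valid_pkg_name() {
  case "$1" in
    '' | *[!A-Za-z0-9@/._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the title from the package names given as arguments. Refuses the whole
# title if any name fails the allow-list, so the shell never sees metacharacters.
build_pr_title() {
  local title="chore(deps): bump" sep=" " pkg
  for pkg in "$@"; do
    valid_pkg_name "$pkg" || { printf 'refusing package name: %s\n' "$pkg" >&2; return 1; }
    title="$title$sep$pkg"
    sep=", "
  done
  printf '%s\n' "$title"
}

# Stub standing in for the real `gh` CLI: it echoes its argv, one per line.
gh() { printf '%s\n' "$@"; }

# Vulnerable pattern (the mechanism the finding describes): the title is spliced
# into a command string that a new shell re-parses, so backticks or $(...) inside
# the title run as commands. `bash -c` behaves the same as `sh -c` here. The
# stub `gh` is not visible in the child shell; that does not affect the point.
create_pr_unsafe() {
  sh -c "gh pr create --title \"$1\""
}

# Hardened pattern: the title travels as a single argv element and is never
# re-parsed, so metacharacters in it are inert.
create_pr_safe() {
  gh pr create --title "$1"
}

# Demonstration with a constructed malicious package name that tries to create
# a marker file via command substitution. Prints "<unsafe_hit> <safe_hit>",
# where 1 means the injected command actually ran.
demo_injection() {
  local marker unsafe_hit=0 safe_hit=0 evil
  marker="${TMPDIR:-/tmp}/bump-deps-demo.$$"
  rm -f "$marker"
  evil='lodash$(touch '"$marker"')'

  create_pr_unsafe "$evil" >/dev/null 2>&1 || true
  if [ -e "$marker" ]; then unsafe_hit=1; fi
  rm -f "$marker"

  create_pr_safe "$evil" >/dev/null 2>&1 || true
  if [ -e "$marker" ]; then safe_hit=1; fi
  rm -f "$marker"

  echo "$unsafe_hit $safe_hit"
}

# Stand-alone run: a clean title, a refused title, then the injection comparison.
build_pr_title lodash '@types/node'
build_pr_title 'lodash$(id)' || echo "rejected as expected"
demo_injection
```

The allow-list and the argv-based call are independent defences: the first stops a hostile name before it reaches any command, the second makes the command construction itself safe even when the name is not checked.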
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 18, 2026, 08:01 PM