Skills
skills/cerico/macfair/outdated/Gen Agent Trust Hub

outdated

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to audit project dependencies.
  • Uses pnpm outdated to identify available updates.
  • Uses pnpm view to fetch package metadata such as distribution tags, version history, and release timestamps.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted data from external sources, creating an indirect prompt injection surface.
  • Ingestion points: Reads existing migration notes from tmp/UPGRADES.md and metadata from the npm registry via pnpm outputs.
  • Boundary markers: No specific delimiters are defined to isolate external data from the agent's logic.
  • Capability inventory: The skill performs subprocess execution (pnpm) and file system operations (read/write tmp/UPGRADES.md).
  • Sanitization: No explicit sanitization or validation of the data retrieved from the registry or the local upgrade file is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 24, 2026, 12:30 PM