package-upgrade
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface where it ingests untrusted data from external sources and local files.
- Ingestion points: Web research results from npm, GitHub, and official documentation (via WebSearch/WebFetch); local package.json files.
- Boundary markers: The skill lacks explicit boundary markers or delimiters to separate untrusted data from instructions, though it does use a 'Context Anchor System' to refocus the agent.
- Capability inventory: The skill is granted powerful tools including Bash, Write, Edit, and WebFetch to perform its tasks.
- Sanitization: No explicit sanitization or filtering of the content retrieved from the web or local files is mentioned.
- Command Execution (SAFE): Although the Bash tool is enabled, it is primarily intended for file discovery and codebase analysis (Grep/Glob). No malicious shell patterns or arbitrary command execution instructions were found.
Audit Metadata