nav-upgrade

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill automates the installation of the 'Navigator' plugin from the GitHub repository 'alekspetrov/navigator'. Because this repository is not associated with a trusted organization, it poses a risk of installing unverified remote code into the user's environment.
  • COMMAND_EXECUTION (LOW): plugin_updater.py, plugin_verifier.py, and version_detector.py use subprocess.run to interact with the claude CLI. These operations modify the local system state by installing, uninstalling, or updating software.
  • PROMPT_INJECTION (LOW): version_detector.py fetches and parses GitHub release notes using regular expressions to extract changes. This creates an indirect prompt injection surface where a malicious repository owner could inject instructions into the release notes.
      1. Ingestion points: version_detector.py via urllib.request to the GitHub API.
      2. Boundary markers: None.
      3. Capability inventory: Subprocess calls for plugin installation and removal.
      4. Sanitization: None; parsed content is returned directly to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:48 PM