upgrade-plugin
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it uses CHANGELOG.md as the primary source for migration steps and is instructed to execute those steps directly.
  - Ingestion points: The skill reads logic from `CHANGELOG.md` and project state from `thoughts/.version`.
  - Boundary markers: The instructions do not define boundary markers or clear separators to distinguish between data and instructions within the changelog file.
  - Capability inventory: The skill has the capability to read, write, move, and copy files, as well as interact with the user through `AskUserQuestion`.
  - Sanitization: There is no mention of sanitization or validation of the steps found in the CHANGELOG.md before the agent attempts to follow them.
Audit Metadata