ce-update
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (the
!commandsyntax) to execute local shell utilities likeecho,grep,basename, anddirname. These are used to parse the${CLAUDE_SKILL_DIR}environment variable and determine the current installation path and version. - [EXTERNAL_DOWNLOADS]: The skill uses the GitHub CLI (
gh api) to retrieve theplugin.jsonfile from the author's official repository (EveryInc/compound-engineering-plugin). This fetch is used solely to obtain the latest version string for comparison purposes.
Audit Metadata