latest-software-version
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local utility script, scripts/latest.js, to programmatically check for software versions. This is an expected and controlled use of the command line for the skill's primary function.
- [EXTERNAL_DOWNLOADS]: The script performs network requests to fetch JSON metadata from official and well-known software registries, including registry.npmjs.org, pypi.org, proxy.golang.org, crates.io, and rubygems.org. It also accesses documentation from ai.google.dev, which belongs to the author's organization. All targets are reputable sources.
- [DATA_EXFILTRATION]: While the skill makes external network connections, it only transmits package names to query public metadata. There is no evidence of sensitive data access or unauthorized exfiltration of user information.
- [PROMPT_INJECTION]: The instructions in SKILL.md (e.g., "NEVER GUESS") are designed to improve agent accuracy by discouraging reliance on outdated training data. These instructions do not attempt to override safety protocols or system constraints.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote scripts. It parses JSON-formatted metadata from registries to extract version strings, which is a safe operation.
Audit Metadata