dependency-upgrade
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest external and untrusted data which can influence sensitive operations.
  - Ingestion points: Uses `curl` to fetch changelogs from remote repositories and `glob` to read local source files (`src/**/*.tsx`).
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the processed data.
  - Capability inventory: Possesses `fs.writeFileSync` (via migration scripts), `npm install`, and `npx` execution capabilities.
  - Sanitization: Absent. The skill suggests using regex-based replacement on file contents, which can be subverted by malicious input.
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill relies on runtime installation and execution of third-party packages.
  - Evidence: Recommends running various tools via `npx` (`npm-check-updates`, `madge`, `changelog-parser`, `react-codeshift`), which downloads and executes code from the npm registry at runtime.
  - Risk: An attacker could use typosquatting or dependency confusion to execute malicious code when the agent attempts to 'upgrade' a dependency.
- Command Execution (HIGH): The skill frequently invokes shell commands to modify the environment.
  - Evidence: Extensive use of `npm install`, `npm audit`, `yarn dedupe`, and custom shell scripts for rollbacks.
- External Downloads (LOW): The skill performs remote network requests to fetch documentation.
  - Evidence: `curl https://raw.githubusercontent.com/facebook/react/main/CHANGELOG.md`.
  - Status: This specific finding is downgraded to LOW per [TRUST-SCOPE-RULE] as 'facebook' is a Trusted GitHub Organization, though the content retrieved still serves as an injection vector.
Recommendations
- AI detected serious security threats
Audit Metadata