infer-tracking-plan
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script used for update notification purposes. It executes standard npm commands (
npm viewandnpm ls) to check for the latest versions of@inferevents/sdkand@inferevents/mcp. Results are cached locally in~/.infer/last-update-check.jsonfor performance. - [EXTERNAL_DOWNLOADS]: The skill queries the public npm registry, which is a well-known and trusted service, to fetch version metadata. No external scripts are downloaded or executed.
- [PROMPT_INJECTION]: The skill analyzes untrusted data from the user's codebase (e.g.,
package.json,README.md, and source files). While this presents a surface for indirect prompt injection, the risk is inherent to the skill's primary purpose of codebase analysis. Safety is maintained through the skill's internal logic which requires explicit user approval before making any code changes. - Ingestion points: Reads
package.json,README.md,CLAUDE.md, and various source code files (Phase 1, 2, and 3). - Boundary markers: Absent; the skill does not explicitly use delimiters to separate user code from agent instructions.
- Capability inventory: The skill has the capability to propose and implement track() calls in files after receiving user confirmation (Phase 6).
- Sanitization: None; the agent processes the files as raw text.
Audit Metadata