clerk-upgrade-migration
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE | COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses npm for package management tasks such as checking versions, viewing changelogs, and installing updates. It also utilizes git for repository management and Grep for searching codebases, which are all standard operations for a migration tool.
- [EXTERNAL_DOWNLOADS]: Fetches the @clerk/nextjs library from the public npm registry. Clerk is a well-known authentication service, and the download targets an official package.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and edits project files and package manifests. However, the logic is constrained to Clerk migration patterns, and no malicious instructions or redirection attempts were detected.