clerk-upgrade-migration
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill utilizes standard development commands and references official documentation from well-known services.
- [COMMAND_EXECUTION]: The skill employs `npm`, `git`, `grep`, and `sed` for dependency management and code migration. These operations are restricted to the local development environment and are appropriate for the skill's stated purpose of SDK migration.
- [EXTERNAL_DOWNLOADS]: External references and package installations are limited to official Clerk packages from the npm registry and documentation links to clerk.com and GitHub. These are well-known technology services and are treated as safe sources.
- [DYNAMIC_CONTEXT_INJECTION]: The skill uses the dynamic context injection syntax (`!npm list...`) in `SKILL.md` to display the current state of Clerk packages when the skill is loaded. This is a benign use of the feature for development workflow integration.
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes local source files (`*.ts`, `*.tsx`) to identify migration targets. While this presents a theoretical ingestion surface for untrusted data in a shared codebase, the skill's capabilities are scoped to standard file modifications, representing a low risk factor.
Audit Metadata