Skills
skills/jeremylongshore/claude-code-plugins-plus/speak-upgrade-migration/Gen Agent Trust Hub

speak-upgrade-migration

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (!command) in SKILL.md to run npm list, allowing the agent to check the environment state during initialization. It also instructs the user or agent to run validation commands like npm test and node -e to confirm compatibility.
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions to download and update the @speak/language-sdk from the npm registry. These operations target the official package for the Speak language learning service.
  • [PROMPT_INJECTION]: The skill includes a file-migration script that creates an indirect prompt injection surface by processing project source code.
  • Ingestion points: Reads files with .ts, .tsx, .js, and .jsx extensions from the ./src directory.
  • Boundary markers: No delimiters or instructions to ignore embedded code are used during the file read/write process.
  • Capability inventory: The agent is granted Write, Edit, and Bash capabilities to perform file modifications and install packages.
  • Sanitization: The migration script performs direct string replacements based on fixed regex patterns and does not validate the content of the files being modified.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 07:25 PM