upgrade-plugin
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Retrieves latest release notes and changelogs from Anthropic's official GitHub repository (github.com/anthropics/claude-code).
- [EXTERNAL_DOWNLOADS]: Fetches current documentation and model capability updates from Anthropic's official site (docs.anthropic.com).
- [COMMAND_EXECUTION]: Utilizes standard shell utilities (ls, find, cat, wc, head) to inventory and audit local plugin files within the user's plugin cache and current working directory.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from external URLs and other installed plugins to derive upgrade patterns. ● Ingestion points: Content retrieved via WebFetch and WebSearch from Anthropic domains; local file reads of other plugins via Glob and Read. ● Boundary markers: The instructions do not define specific delimiters or 'ignore' instructions for the ingested content. ● Capability inventory: The skill has the capability to write to local files (Phase 4) and execute shell commands for verification. ● Sanitization: There is no explicit sanitization or validation logic for the ingested markdown and text content before it is used to influence file modifications.
Audit Metadata