update-ai-tools
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes git commands such as git diff and git status to identify changes in the directory structure. These are standard read-only operations used for the intended purpose of detecting updates.
- [PROMPT_INJECTION] (SAFE): The skill incorporates an indirect injection surface by reading content from other skill files to generate documentation. 1. Ingestion points: Data is pulled from the name and description fields of SKILL.md and AGENT.md files. 2. Boundary markers: Content is encapsulated within Markdown tables; however, specific ignore-instructions delimiters are not used. 3. Capability inventory: The skill has file system write access for documentation and calls the /changelog skill. 4. Sanitization: No explicit sanitization of descriptions is performed. The risk is assessed as SAFE because the skill requires explicit user invocation (disable-model-invocation: true) and the impact is limited to markdown documentation.
- [DYNAMIC_EXECUTION] (SAFE): The skill generates documentation dynamically based on repository metadata. This is a core feature and does not involve runtime code execution or unsafe deserialization of the generated content.
Audit Metadata