Skills
skills/laurigates/claude-plugins/configure-package-management/Gen Agent Trust Hub

configure-package-management

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts for uv and bun from their official domains (astral.sh and bun.sh).
  • [REMOTE_CODE_EXECUTION]: Installation procedures involve piping remote scripts directly to shell interpreters (curl | sh and curl | bash) for tool setup.
  • [COMMAND_EXECUTION]: Uses dynamic context injection via the !command syntax and the Bash tool to perform project introspection and environment checks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted data from local project configuration files to guide its logic.
  • Ingestion points: Configuration files such as package.json, pyproject.toml, and Cargo.toml located in the project root.
  • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded prompts in these files.
  • Capability inventory: Includes Bash for command execution, Write and Edit for file modification, and WebFetch for external data retrieval.
  • Sanitization: None; the agent processes file contents directly without validation or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 01:17 AM