up-to-date
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill contains a Python script `scripts/check_versions.py` and instructions in `SKILL.md` that execute shell commands (`npm info`, `pip show`, `pip index`).
  - Evidence: The script uses `subprocess.run` to call `npm` and `pip` binaries on the local system.
  - Context: These operations are used for legitimate version checking of installed dependencies to ensure the agent is using current documentation. The inputs are generally derived from the project's own `package.json` or explicit agent commands.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill instructs the agent to fetch and process external documentation from URLs.
  - Ingestion points: `SKILL.md` directs the agent to use `fetch_webpage` or browser tools on external URLs from `references/doc-urls.md`.
  - Boundary markers: Absent in the prompt templates, but the skill's primary purpose is to read documentation, not execute instructions found within it.
  - Capability inventory: The agent can write files and execute local commands (via `check_versions.py`), but the risk of a documentation page containing a 'jailbreak' that successfully triggers these specific local tools is low.
  - Sanitization: Relies on the agent's underlying safety filters for web browsing.
Audit Metadata