ln-711-npm-upgrader
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for package management (npm, yarn, pnpm) to audit, check for updates, and install dependencies. It also runs build and test commands (npm run build, npm test) to verify project stability after upgrades.
- [EXTERNAL_DOWNLOADS]: Fetches dependency updates from official package registries and retrieves external documentation and migration guides using search tools to facilitate automated code changes.
- [PROMPT_INJECTION]: Presents an indirect prompt injection surface within its migration automation phase.
- Ingestion points: Processes external documentation and migration guides via search and URL-reading tools (SKILL.md, Phase 5 and 6).
- Boundary markers: No specific delimiters or warnings are defined for the external content retrieved from the web to distinguish it from agent instructions.
- Capability inventory: The skill has the capability to modify project source code via an edit tool, install new packages, and execute arbitrary build and test commands.
- Sanitization: Lacks explicit validation or sanitization of content fetched from external documentation sources before it is processed by the agent to inform code transformations.
Audit Metadata