ln-713-pip-upgrader

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several system commands for dependency management and verification. Evidence includes:
      • Phase 2: pip-audit --json, poetry audit, and pipenv check.
      • Phases 3 and 4: pip list --outdated, pip install --upgrade <package>, poetry update, and pipenv update.
      • Phase 5: python -c "import <package>" and pytest for installation verification. These commands can execute arbitrary code if the packages being installed or tested contain malicious scripts.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it actively ingests data from untrusted external sources to guide its actions.
      • Ingestion points: Uses WebSearch, mcp__Ref__ref_read_url, and mcp__context7__query-docs to find migration guides and fixes for breaking changes.
      • Boundary markers: The documentation does not specify the use of delimiters or 'ignore instructions' blocks when processing these search results.
      • Capability inventory: The agent can perform file writes (updating requirements/toml), package installations (pip install), and code execution (pytest, python -c).
      • Sanitization: There is no mention of sanitizing or validating the instructions found in external migration guides before they are applied.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external code via package managers (pip, poetry, pipenv) targeting standard registries such as PyPI. Additionally, diagram.html loads the Mermaid.js library from https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js, which is a well-known and trusted CDN service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 01:43 PM