ln-821-npm-upgrader
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it consumes untrusted external documentation to automate code modifications.\n
- Ingestion points: External migration guides and documentation are retrieved using mcp__Ref__ref_read_url, mcp__context7__query-docs, and WebSearch.\n
- Boundary markers: No delimiters or boundary markers are used to distinguish between documentation content and agent instructions.\n
- Capability inventory: The skill can modify project source code via the Edit tool and execute code via npm install, npm run build, and npm test.\n
- Sanitization: No sanitization or validation of the external content is performed before processing.\n- [COMMAND_EXECUTION]: The skill executes various package manager commands and project-specific scripts. Evidence includes the use of npm install, yarn audit, pnpm outdated, and npm run build to perform audits, upgrades, and verification.\n- [EXTERNAL_DOWNLOADS]: The skill performs network operations to download updated packages and fetch migration documentation. Evidence includes standard dependency resolution via package managers and web-based documentation searches.
Audit Metadata