ln-823-pip-upgrader
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch shared reference files and configurations from the author's official GitHub repository (`https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}`) if they are missing from the local environment.
- [COMMAND_EXECUTION]: The skill executes various package management and system commands to perform its primary function, including `pip install --upgrade`, `poetry update`, `pipenv update`, and `python -c "import <package>"` for dependency verification.
- [DATA_EXFILTRATION]: The skill reads project manifests (`requirements.txt`, `pyproject.toml`, `Pipfile`) and writes summary artifacts to the local filesystem (e.g., `.hex-skills/runtime-artifacts/`). This represents a data ingestion and writing surface that could be leveraged if the environment contains sensitive information.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted dependency files.
  - Ingestion points: Dependency manifest files including `requirements.txt`, `pyproject.toml`, and `Pipfile` (File: `SKILL.md`).
  - Boundary markers: The instructions do not specify any delimiters or safety warnings to prevent the agent from obeying instructions embedded within these external manifest files.
  - Capability inventory: The skill has the capability to install arbitrary packages, execute shell commands through package managers, and run arbitrary Python code via smoke tests (Files: `SKILL.md`, `references/python_venv_handling.md`).
  - Sanitization: There is no evidence of sanitization or validation of the input manifests before they are processed by the toolchain.
Audit Metadata