artifact-updater
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill invokes local utility scripts using
spawnSync. These invocations use fixed internal paths relative to the project root, preventing command injection from user-provided inputs. - DATA_EXPOSURE (SAFE): Access is limited to reading and updating metadata in local artifact files. The skill contains no network functionality and does not transmit data externally.
- Indirect Prompt Injection (SAFE): While the skill reads artifact content, its processing logic is restricted to specific YAML frontmatter replacement for metadata management. It does not evaluate or interpret file content as instructions.
Audit Metadata