composer-upgrade

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/diff_lock.py generates composer require and composer remove commands by interpolating package names and versions directly from composer.lock files without any shell escaping or sanitization.
  • [REMOTE_CODE_EXECUTION]: The skill workflow for resolving merge conflicts instructs the agent to execute shell commands generated by the vulnerable diff_lock.py script.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes and acts upon untrusted data from external composer.lock files.
      • Ingestion points: scripts/diff_lock.py reads composer.lock content from local paths or git revisions.
      • Boundary markers: No delimiters or instructions to ignore embedded malicious content are present.
      • Capability inventory: The skill has shell command execution capabilities via composer, git, and python3.
      • Sanitization: No validation or sanitization of the JSON data from lock files is performed before command construction.
  • [COMMAND_EXECUTION]: The script scripts/diff_lock.py uses subprocess.run to call git show. While it uses a list to avoid shell injection, the ref argument is derived from user input, providing a surface for argument injection.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 15, 2026, 09:49 AM