utility-update-pm-skills

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches update artifacts and version information from the official GitHub repository github.com/product-on-purpose/pm-skills. These downloads are restricted to curated build artifacts produced by the project's own release process.
  • [COMMAND_EXECUTION]: System tools including curl, wget, git, and the GitHub CLI (gh) are used to check for updates and manage file downloads. These operations are gated by pre-flight checks and user confirmation.
  • [REMOTE_CODE_EXECUTION]: The skill updates local agent instructions by overwriting existing skill files with newer versions from the official source. This is the primary intended function of the utility and includes validation steps to ensure the integrity of the downloaded content.
  • [DATA_EXFILTRATION]: No exfiltration patterns were identified. Network operations are exclusively used to pull data from the project's repository, and local file access is limited to reading version metadata and backing up existing project files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 12:45 PM