cli-upgrade
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the user-provided tool name directly using `subprocess.run` to detect its current version (e.g., executing `tool --version`).
- [COMMAND_EXECUTION]: The skill runs the `npm` CLI tool with package names that may be derived from user input or specified in the provider registry.
- [EXTERNAL_DOWNLOADS]: Fetches release metadata and changelogs from well-known sources including GitHub's public API, npm, and PyPI.
- [PROMPT_INJECTION]: The skill processes and summarizes external release notes, creating a surface for indirect prompt injection.
- Ingestion points: `scripts/fetch_releases.py` fetches release bodies and metadata from GitHub, npm, and PyPI.
- Boundary markers: None. Summarized release notes are incorporated into the Markdown output without explicit delimiters or instructions to ignore embedded content.
- Capability inventory: The skill has command execution capabilities via `subprocess.run` in `scripts/resolve_source.py` (tool execution) and `scripts/fetch_releases.py` (npm execution).
- Sanitization: `scripts/summarize_changes.py` implements basic character and link cleaning but does not sanitize against malicious prompt instructions within the release notes.
Audit Metadata