update-deps
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development commands such as 'pnpm outdated', 'pnpm update', 'pnpm test', and 'pnpm lint'. These operations are performed within the local project context and the user-provided backend directory to facilitate dependency management.
- [EXTERNAL_DOWNLOADS]: Fetches package metadata and changelog information using 'npm view' and 'WebFetch' from well-known services including the npm registry and GitHub. These references are used for analysis of breaking changes before applying updates.
- [DATA_EXPOSURE]: Avoids hardcoding sensitive file paths by requiring the user to provide the 'BACKEND_DIR' path at runtime, ensuring file system access remains under user control.
- [REMOTE_CODE_EXECUTION]: While 'pnpm update' and 'pnpm install' download and execute code from the npm registry, this is the intended primary purpose of the skill and targets a well-known service.
Audit Metadata