dependency-upgrade
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes shell commands for standard development tasks such as installing dependencies and running tests. This is appropriate for its intended purpose.
- EXTERNAL_DOWNLOADS (LOW): Downloads changelog data from trusted sources (facebook/react) and executes standard utility packages via bunx. Following [TRUST-SCOPE-RULE], these are categorized as low severity.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes external files (e.g., CHANGELOG.md), which is an inherent risk surface for indirect prompt injection.
  - Ingestion points: File content from external dependencies (CHANGELOG.md, MIGRATION.md).
  - Boundary markers: No explicit markers or warnings for the agent to ignore instructions within ingested data.
  - Capability inventory: Full file system access and command execution capabilities are present.
  - Sanitization: No evidence of data sanitization before processing.
- MISSING_FILES (INFO): The script scripts/generate-dependency-upgrades.sh returned a 404 error and could not be analyzed.
Audit Metadata