framework-migration-deps-upgrade
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The DependencyAnalyzer class in resources/implementation-playbook.md uses subprocess.run to execute local package managers such as npm and pip for auditing updates.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses external, untrusted changelog data in the BreakingChangeDetector class.
  - Ingestion points: External changelog content is fetched and read in the _fetch_changelog method.
  - Boundary markers: No delimiters or isolation markers are present to prevent embedded instructions from being interpreted.
  - Capability inventory: The skill can execute subprocesses for package management (npm, pip) and git operations.
  - Sanitization: The skill lacks sanitization or validation of the fetched external text before it is processed via regular expressions and included in output guides.