code-upgrade
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes migration commands and installation scripts based on research findings gathered from the internet.
- [EXTERNAL_DOWNLOADS]: The skill invokes package managers to download and install new dependencies. The package names and versions are determined dynamically through external web research.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, where malicious instructions in third-party documentation could influence the agent's behavior.
- Ingestion points: Web search results and sub-agent research outputs (SKILL.md and SUBAGENT.md, Step 3).
- Boundary markers: None identified. The skill does not explicitly instruct the agent to ignore instructions embedded within the retrieved research data.
- Capability inventory: The skill can modify project files, install software packages, and execute shell commands for testing and migration.
- Sanitization: Human-in-the-loop validation is required in Step 4, serving as a primary defense against executing malicious or incorrect instructions generated during the research phase.
Audit Metadata