asdf-runtime-version-updater
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard system and development tools including `asdf`, `grep`, `npm`, `pip`, `bundle`, `go`, and `mix`. These operations are limited to the project workspace and are standard for the stated purpose of managing runtime versions.
- [REMOTE_CODE_EXECUTION] (LOW): The workflow includes steps to install runtimes via `asdf install` and verify the environment by running dependency managers (e.g., `npm install`, `bundle install`) and test suites. While these operations involve downloading and executing code, they are legitimate actions for a developer tool and are executed within the context of the user's project.
- [DATA_EXPOSURE] (SAFE): Analysis of the skill's file patterns shows it only interacts with common project configuration files like `.tool-versions`, `Dockerfile`, and GitHub Action workflows. No attempts to access sensitive system files or exfiltrate data were identified.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from project files (e.g., parsing `.tool-versions` and `Dockerfile`).
  - Ingestion points: Reads content from `.tool-versions`, `Dockerfile`, `.github/workflows/*.yml`, and other version-referencing files.
  - Boundary markers: Absent; the agent is instructed to parse these files directly.
  - Capability inventory: Executes subprocesses for version management (`asdf`), searching (`grep`), and project verification (`npm`, `pip`, `mix`, `bundle`, `go`).
  - Sanitization: None specified; the skill assumes the project files are well-formed and non-malicious.
Audit Metadata