Skills
skills/vamseeachanta/workspace-hub/gsd-update/Gen Agent Trust Hub

gsd-update

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to perform software updates via npm, including cache clearing and version detection. This is the primary intended functionality of the skill.
  • [EXTERNAL_DOWNLOADS]: Fetches package metadata, version information, and software updates from the npm registry, which is a well-known and standard service for Node.js software distribution.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by retrieving and displaying changelog content from the npm registry. Evidence: 1. Ingestion points: Remote changelog data fetched via npm (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Command execution (npm installation) and agent spawning. 4. Sanitization: None mentioned in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 04:33 AM