skills/verebelyin/skills/npm-updater/Gen Agent Trust Hub

npm-updater

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection through its migration guide discovery process (Step 6a).
      • Ingestion points: Fetches content from GitHub releases, CHANGELOG.md, and web search results for "agent migration prompts" (SKILL.md).
      • Boundary markers: Absent. The skill does not use delimiters to prevent the agent from obeying instructions embedded within the fetched external text.
      • Capability inventory: The skill executes shell commands via package managers and runs scripts defined in the user's package.json (SKILL.md).
      • Sanitization: Absent. The skill follows instructions found in external documents after a user approval step (Step 6b/6c), but does not perform automated filtering of the content.
  • [COMMAND_EXECUTION]: The skill identifies and executes lifecycle scripts (lint, build, test, type-check) directly from the project's package.json (Step 1, Step 7), which allows for the execution of arbitrary local commands based on the project configuration.
  • [EXTERNAL_DOWNLOADS]: Fetches package metadata from the official npm registry (registry.npmjs.org) and documentation from project repositories (Step 3, Step 5). These sources are well-known and the activity is consistent with the skill's primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 07:23 PM