Skills
skills/yunseo-kim/awesome-agent-toolbox/dependency-upgrade/Gen Agent Trust Hub

dependency-upgrade

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Provides instructions for running standard package management and audit commands with npm and yarn.
  • [EXTERNAL_DOWNLOADS]: Fetches documentation and transformation scripts from trusted organizations including Facebook and ReactJS.
  • [REMOTE_CODE_EXECUTION]: Uses jscodeshift to run migration scripts from remote URLs; examples point to trusted official repositories.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes external files and changelogs. 1. Ingestion points: Reads external CHANGELOG.md files and project source files. 2. Boundary markers: No explicit delimiters are used to isolate external data. 3. Capability inventory: Includes shell command execution and file modification. 4. Sanitization: External content is used without explicit validation or sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 03:51 PM