upgrade-pack-generator
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to audit local repositories and gather dependency information. Scripts like research_upgrade_pack.py and qualify_upgrade_pack.py execute tools such as rg, npm, and gh using subprocess.run. These commands are configured with shlex.quote to prevent argument injection and are focused on read-only discovery tasks.
- [EXTERNAL_DOWNLOADS]: The skill performs network fetches to retrieve documentation metadata. enrich_manifest.py and research_upgrade_pack.py use urllib.request.urlopen to check official documentation sites for Next.js, Expo, and other frameworks. These requests are used to verify the freshness of the research data and do not involve the execution of downloaded content.
Audit Metadata