Skills
skills/cocoindex-io/cocoindex/upgrade-examples/Gen Agent Trust Hub

upgrade-examples

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill interpolates user-supplied input directly into shell commands, which presents an attack surface for indirect prompt injection.
  • Ingestion points: The <version> argument provided by the user in the command /upgrade-examples <version>.
  • Boundary markers: Absent. There are no explicit delimiters or instructions for the agent to validate the input structure.
  • Capability inventory: The skill has the capability to execute shell commands via git, find, sed, and gh.
  • Sanitization: Absent. The instructions do not specify sanitization or escaping of the version string before it is interpolated into shell commands.
  • [COMMAND_EXECUTION]: The skill relies on shell commands to perform its primary function of repository maintenance.
  • Documentation: Uses git for branch management and commits, find and sed for file modification, and gh for interacting with GitHub.
  • Context: The command execution is within the expected scope of a developer-oriented skill meant for codebase maintenance.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:11 AM
Security Audit — agent-trust-hub — upgrade-examples