infer-tracking-plan

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a bash script at startup to maintain an update check cache in the user's home directory at ~/.infer/last-update-check.json.
  • [EXTERNAL_DOWNLOADS]: Fetches package metadata from the NPM registry via npm view to compare the latest available versions of @inferevents/sdk and @inferevents/mcp with the local installation.
  • [COMMAND_EXECUTION]: Uses node -e to programmatically retrieve the version of the @inferevents/sdk package from the local environment.
  • [PROMPT_INJECTION]: The skill processes untrusted local data by reading codebase files such as package.json, README.md, and source code to derive tracking recommendations.
      • Ingestion points: Project root configuration files and the src/ directory.
      • Boundary markers: None identified; the skill reads file contents directly into context.
      • Capability inventory: Includes file system reads, metadata network requests (npm view), and the ability to propose/apply source code modifications.
      • Sanitization: None present in the script logic; relies on agent-level safety constraints.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 04:38 AM