ln-821-npm-upgrader

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: Executes standard package manager commands (npm install, yarn add, pnpm audit) and project scripts (npm run build, npm test) to perform upgrades and verify changes.
  • [EXTERNAL_DOWNLOADS]: Fetches configuration or additional instructions from the author's official GitHub repository (raw.githubusercontent.com/levnikolaevich/claude-code-skills) when local files are missing.
  • [EXTERNAL_DOWNLOADS]: Consults external documentation and migration guides using MCP tools (mcp__context7__query-docs, mcp__Ref__ref_search_documentation) and WebSearch to identify breaking changes.
  • [PROMPT_INJECTION]: Presents a potential surface for indirect prompt injection as the skill processes external documentation and user-controlled project files to determine upgrade steps.
      • Ingestion points: package.json, lock files, and documentation retrieved via WebSearch or MCP documentation tools.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded malicious prompts in external data are defined.
      • Capability inventory: Can execute package installations and arbitrary project scripts (build, test, etc.) via shell commands; writes report artifacts to the local filesystem.
      • Sanitization: The skill does not describe specific validation or sanitization of retrieved documentation or manifest data before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 06:29 AM