sync-versions

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script uses the subprocess module to execute gh (GitHub CLI) and git commands for repository maintenance.
    • Evidence: In scripts/sync_versions.py, subprocess.run is used to call gh api for fetching releases and git commit for saving updates. These calls use argument lists rather than shell strings, preventing shell injection vulnerabilities.
  • [SAFE]: Evaluation of Indirect Prompt Injection surface.
    • Ingestion points: The script fetches release metadata (tags, dates) from the GitHub API via the gh tool.
    • Boundary markers: The script uses a strict regular expression ^v?(\d+)\.(\d+)\.(\d+)$ to enforce the format of version strings.
    • Capability inventory: The script has the capability to write to the local file system (versions.ts) and execute Git commands (git add, git commit).
    • Sanitization: All data ingested from the external API is either parsed into integers (for version numbers) or validated as dates using datetime.fromisoformat before being interpolated into the source file. This effectively prevents malicious data from corrupting the code or injecting unexpected fields.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 12:33 AM
Security Audit — agent-trust-hub — sync-versions