Skills
skills/nowork-studio/notfair/upgrade/Gen Agent Trust Hub

upgrade

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform directory operations (mkdir, rm -rf), file synchronization (rsync), and to execute the local binary notfair-update-check to check for updates. It also runs a Python script to update the local installed_plugins.json configuration file.
  • [EXTERNAL_DOWNLOADS]: Fetches the latest plugin code from the vendor's remote git repository using git fetch and git reset. This is a primary function of the upgrade skill and targets the vendor's own infrastructure.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and summarizing CHANGELOG.md in Step 8. Evidence: 1. Ingestion point: CHANGELOG.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Read, and AskUserQuestion. 4. Sanitization: Absent beyond summarization instructions. While this allows external data to enter the prompt context, the source is the vendor's own repository and the behavior is limited to summarization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:22 AM
Security Audit — agent-trust-hub — upgrade