Skills
skills/pulumi/agent-skills/provider-upgrade/Gen Agent Trust Hub

provider-upgrade

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the 'schema-tools' binary from the official Pulumi GitHub repository (github.com/pulumi/schema-tools). This utility is used to perform structured comparisons between provider versions and is a vendor-supported resource.
  • [COMMAND_EXECUTION]: Utilizes standard development and infrastructure tools including package managers (npm, yarn, go, dotnet) and the Pulumi CLI (pulumi preview, pulumi stack export) to manage project dependencies and inspect infrastructure state.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes output from the Pulumi CLI. -- Ingestion points: pulumi preview output and pulumi stack export JSON (SKILL.md, references/diagnostic-toolbox.md). -- Boundary markers: Absent. -- Capability inventory: Subprocess calls for package managers and the Pulumi CLI. -- Sanitization: Not explicitly specified in instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 12:56 PM