openpress-upgrade

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands using the framework's CLI (e.g., node node_modules/@open-press/core/engine/cli.mjs). This is standard behavior for a development tool managing workspace upgrades.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and act upon data from external migration documents (docs/migrations/<version>.md). While this represents a potential surface for indirect prompt injection if the source repository were compromised, the skill mitigates this risk by requiring explicit user confirmation before any migration plan is implemented (Step 6) or dependency updates are applied (Step 3).
    ◦ Ingestion points: Migration documentation files fetched from the OpenPress repository.
    ◦ Boundary markers: The skill uses logical separation between the planning phase and the execution phase.
    ◦ Capability inventory: File system reads, shell command execution via Node.js, and package manager operations.
    ◦ Sanitization: The workflow relies on mandatory user review and confirmation of generated migration plans before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 06:38 PM