updating-npm-package

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill instructions follow industry-standard software development practices for managing dependencies and do not exhibit malicious patterns or intent.
  • [COMMAND_EXECUTION]: The skill utilizes legitimate shell commands such as npm, npx, grep, and tsc for their intended purposes within a development environment to analyze code and manage packages.
  • [EXTERNAL_DOWNLOADS]: The skill fetches package metadata and updates from the official npm registry and refers to established documentation sources.
  • [PROMPT_INJECTION]: The skill ingests external data from migration guides and changelogs found via web searches or GitHub repositories, which represents a potential indirect prompt injection surface.
  • [INDIRECT_PROMPT_INJECTION_EVIDENCE]: Ingestion points: Migration guides and release notes from external websites and GitHub. Boundary markers: Absent. Capability inventory: Package installation and shell command execution. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 09:43 PM