fix-deprecated-controls

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to execute the @ui5/linter package. This package is the official tool for linting UI5 projects and is used here for its intended purpose of identifying deprecated code.
  • [COMMAND_EXECUTION]: Instructs the agent to run the shell command npx @ui5/linter --details to obtain modernization metadata and documentation links.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data from the project being analyzed.
  • Ingestion points: Project source code (JavaScript, XML) and linter execution output in the terminal.
  • Boundary markers: Absent; there are no specific markers or instructions to treat external data as untrusted content.
  • Capability inventory: The skill is designed to perform file-read and file-write operations to modernize source code.
  • Sanitization: Absent; the skill does not specify any validation or sanitization for the code or linter output it processes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 12:26 PM
Security Audit — agent-trust-hub — fix-deprecated-controls