upgrade-dependencies-pr

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection via external documentation.
      • Ingestion points: Step 4 in SKILL.md instructs the agent to "inspect official changelogs, migration guides, or release notes" from primary sources. This involves fetching and processing data from external, third-party URLs.
      • Boundary markers: The instructions do not specify any boundary markers or instructions to treat external data as untrusted content.
      • Capability inventory: The agent possesses high-privilege capabilities including file modification (Step 5), shell command execution (Step 7), and GitHub API interaction via gh (Steps 6 and 8).
      • Sanitization: There is no evidence of sanitization or safety-filtering applied to the external content before the agent interprets it to make code changes or create issues.
  • [COMMAND_EXECUTION]: The skill executes shell commands defined within the target repository, which could lead to arbitrary code execution if the repository or its dependencies are malicious.
      • Evidence: Step 7 in SKILL.md ("Verify aggressively") directs the agent to run project-specific verification commands such as npm test, pytest, build, or documented CI entrypoints. These commands are typically defined in package.json or other configuration files that the skill is actively modifying.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to execute tools not necessarily present in the local environment.
      • Evidence: The references/package-manager-playbook.md file recommends the command npx npm-check-updates -u --target latest. This command fetches and executes the npm-check-updates package from the npm registry at runtime.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 12, 2026, 11:41 AM