next-upgrade
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Official Documentation Access: The skill retrieves upgrade guides directly from official framework documentation URLs. This allows the agent to follow established migration paths provided by the developers.
- Automated Code Transformations: The skill utilizes maintenance tools to automate breaking changes. This is a standard operational practice for framework maintenance and uses official vendor-provided toolsets.
- Dependency Management: It performs version updates through standard package managers (npm, pnpm, yarn, bun). These operations target primary framework components to ensure project compatibility.
- Indirect Prompt Injection Surface: The skill processes external data from documentation sites to guide its actions. This is a common pattern for documentation-aware tools.
- Ingestion points: External content is fetched from documentation URLs specified in
SKILL.md. - Boundary markers: The skill does not use explicit delimiters to separate external documentation content from internal instructions.
- Capability inventory: The skill has access to shell execution for package management and code transformation tools as defined in
SKILL.md. - Sanitization: External content is retrieved and processed as text to inform the migration process without specific sanitization filters.
Audit Metadata