skill-update

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of Nushell scripts and mise tasks to automate the discovery, triage, and update process for skill dependencies.
  • [EXTERNAL_DOWNLOADS]: Queries well-known services and package registries, including GitHub (api.github.com), Hex.pm, and Crates.io, to retrieve current version numbers and release metadata. These operations are conducted using built-in Nushell HTTP commands.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it parses sources.toml files which may contain untrusted data from various plugins.
      • Ingestion points: Plugin configuration files (sources.toml) and project metadata (marketplace.json).
      • Boundary markers: Absent; configuration values such as URLs and version strings are interpolated directly into script logic.
      • Capability inventory: Network request capabilities (http get, http head) and file system write operations (save --force).
      • Sanitization: Absent; URLs retrieved from configuration files are utilized in network requests without formal validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 01:24 AM