preen-dependency-security

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes content from package manifests and dependency audit results which contain information derived from external registries. This content is used to determine automated fixes, representing an attack surface for indirect prompt injection.
  • Ingestion points: manifest files and pnpm audit output in SKILL.md.
  • Boundary markers: The skill does not define specific delimiters for separating external data from instructions.
  • Capability inventory: The skill can execute pnpm install and perform git operations as seen in SKILL.md.
  • Sanitization: Instructions provide specific fix patterns and guardrails to limit the scope of the agent's actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 10:13 PM