dependency-auditor
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard security auditing and package management commands, such as 'npm audit', 'pip-audit', 'bundle audit', and 'npm install'. This execution is restricted to the skill's primary purpose of identifying and fixing dependency vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill connects to well-known, official package registries (registry.npmjs.org, pypi.org, rubygems.org, and repo.maven.apache.org) to fetch vulnerability databases and package updates. These domains are recognized as safe and essential for the tool's functionality.
- [PROMPT_INJECTION]: The skill ingests and processes data from external audit tool outputs, which constitutes a surface for indirect prompt injection.
- Ingestion points: Output results from audit commands like 'npm audit' and 'safety'.
- Boundary markers: Absent from the provided instruction logic.
- Capability inventory: The skill has access to the Bash tool for command execution.
- Sanitization: There is no explicit sanitization described for the data parsed from external security reports.
Audit Metadata