dependency-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted project manifest files (such as
package.json,requirements.txt, andgo.mod) and incorporates extracted data directly into its reports and recommendations. If an agent automatically acts on the 'Recommendations' output by the tool, a malicious project file containing carefully crafted dependency names or version strings could trick the agent into performing unintended actions. - Ingestion points: The scripts
dep_scanner.py,license_checker.py, andupgrade_planner.pyingest untrusted dependency data from the local project directory being audited. - Boundary markers: The tool's output reports do not include explicit delimiters or instructions to the agent to treat the results strictly as data, which would help prevent the agent from obeying instructions potentially embedded in the output.
- Capability inventory: The agent environment typically has the shell and file system access required to run the auditing scripts and potentially implement the updates or fixes recommended by the tool.
- Sanitization: Untrusted data, specifically package names and version strings, are interpolated directly into natural language recommendation strings (e.g., "Update {dep.name} from {dep.version} to {vuln.fixed_version}") without validation or sanitization, allowing for potential prompt injection surface.
Audit Metadata