dependency-resolver
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation suggests using commands that require administrative privileges, such as 'sudo apt-get install', which could be exploited to perform unauthorized system changes. It also instructs the agent to run package managers (npm, pip, mvn, go) that execute code from local manifests.
- [REMOTE_CODE_EXECUTION]: The skill recommends using npx tools like 'cost-of-modules' and 'license-checker', which involve downloading and executing arbitrary code from the npm registry at runtime.
- [EXTERNAL_DOWNLOADS]: The skill's primary functionality involves downloading packages from external registries (npm, PyPI, Maven, Go Proxy), which are well-known but still pose a risk if malicious packages are specified in project manifests.
- [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection.
  - Ingestion points: Reads dependency manifest files including package.json, requirements.txt, pom.xml, build.gradle, Cargo.toml, go.mod, composer.json, Gemfile, and *.csproj.
  - Boundary markers: Lacks delimiters or instructions telling the agent to ignore instructions embedded in these files.
  - Capability inventory: Uses package managers and sudo for operations.
  - Sanitization: Does not perform validation or escaping of manifest content.