dependency-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it reads untrusted data from project manifests and uses that data to perform high-privilege operations.
  - Ingestion points: Manifest files identified in Step 1, including package.json, requirements.txt, go.mod, Cargo.toml, and Gemfile.
  - Boundary markers: Absent. The skill provides no instructions to separate untrusted data from command logic or to ignore embedded instructions within those files.
  - Capability inventory: The skill utilizes subprocess calls for npm, pip, go, and bundle to perform audits and installations (npm audit, pip install, govulncheck).
  - Sanitization: Absent. Package names and versions from external files are directly interpolated into shell commands (e.g., npm install vulnerable-package@version).
- Command Execution (HIGH): The skill explicitly instructs the agent to run powerful system commands (npm audit fix, pip install --upgrade). While intended for security, these commands modify the filesystem and execute code from public registries based on potentially attacker-controlled input files.
- External Downloads (MEDIUM): The skill downloads and installs tools (pip install pip-audit) and software packages. Although these come from standard registries, the source of the package names is untrusted project data, which can be exploited to install malicious dependencies.
Recommendations
- AI detected serious security threats