update-deps

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage dependencies and verify security, including bun outdated, bun update, npm view, npm diff, and gh release view. These are used according to the skill's stated purpose of auditing and updating software packages.
  • [DATA_EXPOSURE]: The skill reads package metadata and source code from public registries and repositories. It writes structured audit results and deferral notes to ~/.supply-chain/notes/ in the user's home directory to provide persistence for security reviews.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data (package source code diffs and metadata) through an LLM sub-agent to reach a security verdict.
    • Ingestion points: Untrusted content enters the context via npm diff output, package metadata from npm view, and external changelogs from GitHub.
    • Boundary markers: The instructions define a structured JSON output format for the sub-agent, which helps constrain the response, but the skill lacks explicit boundary delimiters or 'ignore instructions' wrappers around the raw code content being audited.
    • Capability inventory: The skill possesses the capability to modify the project's package.json and lockfile via bun update and write to the local file system.
    • Sanitization: There is no evidence of sanitization or filtering of the external package content before it is passed to the sub-agent for analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 04:10 AM