dependency-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted dependency manifest data for AI agent consumption.
  - Ingestion points: Multi-language project manifests (e.g., package.json, requirements.txt, go.mod) and lockfiles parsed by dep_scanner.py, license_checker.py, and upgrade_planner.py.
  - Boundary markers: Absent. The reports generated by the scripts do not use delimiters or instructions to help the agent distinguish project data from operative instructions.
  - Capability inventory: Across all files (dep_scanner.py, license_checker.py, and upgrade_planner.py), capabilities are limited to local file system reads and stdout reporting. No subprocess calls, network requests, or dynamic code execution (eval/exec) were detected in the operational logic.
  - Sanitization: Absent. While the scripts use static parsing (JSON/regex), there is no specific sanitization of extracted strings to prevent malicious instructions hidden in manifest fields from influencing the consuming AI agent.