dependency-updater
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The script 'scripts/run-taze.sh' executes the 'taze' utility by passing all script arguments directly via '$@'. While this is a common and intended pattern for wrapper scripts, it presents a surface for command injection if the calling agent provides unsanitized input.
- EXTERNAL_DOWNLOADS (LOW): The skill references and facilitates the installation of third-party packages from external registries (e.g., npm, PyPI). These tools, such as 'taze', 'pip-review', and 'cargo-audit', are well-known in the developer community, and their use is central to the skill's purpose, warranting a LOW severity.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes manifest files that may be controlled by an attacker.
  1. Ingestion points: manifest files such as 'package.json' (read by taze in scripts/run-taze.sh), 'requirements.txt', and 'Cargo.toml'.
  2. Boundary markers: Absent; the scripts do not use specific delimiters or warnings to isolate the content of these files.
  3. Capability inventory: Execution of shell commands for updating, auditing, and installing packages.
  4. Sanitization: No explicit sanitization or validation of the contents of the project manifest files is performed by the provided scripts.