dependencies-audit

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.execSync to run shell commands where package names are interpolated directly from the local package.json file without sanitization. If the audited project contains a malicious package.json with keys containing shell metacharacters such as semicolons, ampersands, or backticks, it could result in arbitrary command execution on the user's host system. Evidence: execSync('npm view ' + name + ...) in Steps 2, 5, and 6.
  • [EXTERNAL_DOWNLOADS]: The skill fetches package metadata and download statistics from the official npm registry API (api.npmjs.org). These are well-known services used for package management. Evidence: curl -s "https://api.npmjs.org/downloads/point/last-week/<package-name>" in Step 2.
  • [REMOTE_CODE_EXECUTION]: The skill pipes the output of a network request from the npm API directly into the Node.js interpreter. While the command specifies a hardcoded inline script to parse JSON from standard input, the pattern of piping remote content to an interpreter is a high-risk practice that bypasses typical security controls. Evidence: curl ... | node -e "..." in Step 2.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted metadata from the npm registry and local package files to generate an audit report and make automated update decisions. Ingestion points: package.json keys, npm view JSON responses, and pnpm audit reports. Capability inventory: Full shell access and file system write access. Sanitization: No sanitization is applied to the package names or metadata before they are used in shell commands or interpolated into the final report. Boundary markers: No delimiters or instructions are used to separate the external data from the agent's instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://api.npmjs.org/downloads/point/last-week/ - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 8, 2026, 02:57 PM