dependency-updater
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of markdown documentation and natural language instructions for the AI agent. It does not include any executable scripts, binaries, or shell commands.
- [Indirect Prompt Injection] (SAFE): The skill is designed to process external data such as package manifests and changelogs, which represents a potential surface for indirect prompt injection. However, since the skill does not provide any high-risk capabilities like automatic code execution or privileged file system access, this surface is considered safe for its intended purpose. Evidence chain: 1. Ingestion points: local package manifests and external changelog sources. 2. Boundary markers: none present in instructions. 3. Capability inventory: read-only analysis and markdown report generation. 4. Sanitization: not explicitly mentioned, relying on the agent's core safety protocols.
Audit Metadata