reviewing-dependencies

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill directs the AI agent to execute local shell scripts located at '~/.claude/plugins/marketplaces/claude-configs/review/scripts/'. This execution pattern assumes the integrity of the local file system and pre-installed scripts, which could be exploited if an attacker gains write access to those paths.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests untrusted data from 'package.json' and source files. Evidence Chain:
      1. Ingestion points: package.json, src/ directory.
      2. Boundary markers: None present.
      3. Capability inventory: bash, npm audit, grep, cat.
      4. Sanitization: No sanitization or validation of the ingested file content is performed before processing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:48 PM