codebase-cleanup-deps-audit
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to analyze external codebase dependencies, creating a large attack surface for malicious instructions embedded in manifest files.
- Ingestion points: Dependency manifests (e.g.,
package.json,requirements.txt,Gemfile) provided by the user or read from the environment inSKILL.md. - Boundary markers: Absent. The instructions do not specify delimiters or warn the agent to ignore natural language instructions found within the data being audited.
- Capability inventory: The skill is authorized to "Run vulnerability and license scans" and "Propose upgrades," implying access to the system shell and file modification capabilities.
- Sanitization: Absent. There is no mention of sanitizing or validating the contents of dependency files before they are processed by the agent's logic.
- [Command Execution] (MEDIUM): The instruction to "Run vulnerability and license scans" necessitates the use of external CLI tools. Without strict constraints on which tools are used or how arguments are passed, this could be exploited to run arbitrary commands if the manifest data is maliciously crafted.
- [Unverifiable Resources] (MEDIUM): The skill frequently references
resources/implementation-playbook.mdas the source for "detailed tooling and templates." Since this file is not provided, the specific commands, scripts, and third-party tools the skill intends to use cannot be audited for safety.
Recommendations
- AI detected serious security threats
Audit Metadata