code-porter
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions utilize standard command-line tools for searching and managing software packages, such as npm search, pip search, and pnpm add. These operations are intended for identifying and installing libraries within a professional development context.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and integration of third-party libraries from official registries. It implements risk mitigation through a mandatory evaluation process that includes checking project activity, maintenance status, and running security audits via npm audit.
- [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface when processing external package metadata and search results. Ingestion points: Data enters via search results from npm, PyPI, and GitHub. Boundary markers: No explicit delimiters are used for external search content. Capability inventory: The skill can execute package installation commands and adapt external code snippets. Sanitization: Mitigated through a detailed manual evaluation checklist and instructions to perform automated security scanning.
Audit Metadata