dependency-grapher
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from package.json files without sanitization.
  - Ingestion points: src/lib.ts reads and parses the package.json file from the directory provided in the input argument.
  - Boundary markers: The resulting Mermaid graph does not use delimiters or instructions to prevent the agent from following directions potentially embedded in the graph content.
  - Capability inventory: The skill writes the generated graph to the local filesystem using safeWriteFile in src/index.ts.
  - Sanitization: Package and dependency names are used directly in the Mermaid string construction without escaping. A malicious package.json could contain characters designed to break the Mermaid syntax or inject instructions that might be acted upon by other parts of the agent pipeline.