dependency-audit
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted JSON data from external package registries via audit tools (Category 8).
  - Ingestion points: Uses 'npm audit --json', 'pnpm audit --json', and 'npm outdated --json' to fetch external data.
  - Boundary markers: No delimiters or instructions to ignore embedded instructions are present in the processing logic.
  - Capability inventory: Possesses 'npm update', 'npm audit fix', and file modification capabilities which can be leveraged by malicious input.
  - Sanitization: Instructions lack requirements to sanitize package names or version strings before they are used in shell command construction.
- Command Execution (HIGH): Shell commands are dynamically generated using untrusted data from external sources (Category 10). The construction pattern 'npm update [package]@[version]' is susceptible to command injection if malicious strings are returned from the package registry.
- Remote Code Execution (HIGH): The skill uses 'npx' to execute 'license-checker' (Category 4). This pattern involves downloading and running code from an external source at runtime, which is risky for unverified packages.
Recommendations
- AI detected serious security threats
Audit Metadata