dependency-audit
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development tools such as
npm audit,pip-audit, andgovulncheckto retrieve dependency information. These operations are limited to the local environment and the respective official package registries. - [EXTERNAL_DOWNLOADS]: Utilizes
npx -y license-checkerto download and run a common utility for auditing package licenses. This is a standard practice for the skill's stated purpose of dependency auditing. - [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Network activity is limited to standard vulnerability database checks performed by the auditing tools.
- [SAFE]: The skill adheres to the 'no external services' claim by using standard local tooling and well-known registry-backed audit commands.
Audit Metadata