dependabot
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [SAFE]: The skill provides documentation and configuration patterns for GitHub Dependabot. The instructions are educational and follow official GitHub documentation standards.
- [PROMPT_INJECTION]: The skill describes a workflow involving scanning repository manifest files (Step 1). This identifies an indirect prompt injection surface.
- Ingestion points: Manifest files such as package.json, requirements.txt, and Gemfile (as listed in Step 1).
- Boundary markers: No specific boundary markers or instructions to ignore embedded content are provided.
- Capability inventory: The skill proposes the modification of repository configuration files (.github/dependabot.yml).
- Sanitization: No sanitization of the content extracted from manifest files is described.
- [REMOTE_CODE_EXECUTION]: The documentation includes the
insecure-external-code-executionparameter. - Evidence: Documented in
references/dependabot-yml-reference.mdas a legitimate configuration option for ecosystems like Bundler, Mix, and Pip. - Context: While this option allows code execution during dependency resolution, it is a standard feature of the documented tool. The skill describes its use neutrally as a requirement for specific ecosystems.
Audit Metadata