Skills
skills/helderberto/skills/audit-deps/Gen Agent Trust Hub

audit-deps

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands including npm audit, npm outdated, and grep to analyze the project environment. These are legitimate tools for dependency management and code analysis.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes data from package registries and local source files.
  • Ingestion points: Tool outputs from npm audit and npm outdated, and project files read by grep in the SKILL.md workflow.
  • Boundary markers: No delimiters or specific instructions are provided to the agent to disregard instructions found within the audited data.
  • Capability inventory: The skill has the ability to execute shell commands and read files in the workspace (SKILL.md).
  • Sanitization: There is no evidence of sanitization or validation of the data retrieved from the dependency audit tools or source code.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:23 AM