Skills
skills/helderberto/skills/deps-audit/Gen Agent Trust Hub

deps-audit

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs standard system commands including npm audit, npm outdated, and grep to analyze local project files (SKILL.md).
  • [EXTERNAL_DOWNLOADS]: The skill queries the official npm registry for package metadata and security advisories.
  • [REMOTE_CODE_EXECUTION]: The skill includes a fallback to run npm install if a lockfile is missing. This is a standard procedure for dependency auditing and uses the system's default package manager (SKILL.md).
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect injection as it processes package.json and source files from the src/ directory. Evidence: Data enters at package.json and src/; no boundary markers are specified; capabilities include npm commands; no sanitization is defined (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 08:13 PM