dependency-update
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on common package management CLI tools such as
npm,pip, anddotnetto query the state of project dependencies, which is a standard administrative task for maintenance.- [EXTERNAL_DOWNLOADS]: Vulnerability data is sourced from trusted platforms such as the GitHub Advisory Database and the National Vulnerability Database (NVD). These connections are documented and serve the legitimate purpose of identifying security risks.- [PROMPT_INJECTION]: The agent is instructed to research release notes and changelogs from external repositories. While this creates an indirect prompt injection surface where untrusted data enters the agent's context, the risk is considered low and essential to the skill's primary function of analyzing breaking changes.
Audit Metadata