Skills
skills/jeremylongshore/claude-code-plugins-plus/analyzing-dependencies/Gen Agent Trust Hub

analyzing-dependencies

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes package manager audit commands (such as npm audit, pip-audit, and cargo audit) and remediation commands (like npm install or pip install --upgrade) to identify and resolve dependency issues.\n- [EXTERNAL_DOWNLOADS]: The skill recommends installing missing auditing tools (e.g., pip install pip-audit, gem install bundler-audit) and fetches package updates as part of its remediation workflows.\n- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted data from project manifest files and tool outputs.\n
  • Ingestion points: Dependency manifest files (e.g., package.json, requirements.txt) and JSON reports from audit tools.\n
  • Boundary markers: Not present; the skill processes data structures directly without specific delimiters to separate data from instructions.\n
  • Capability inventory: Utilizes the Bash tool for shell commands and subprocess.run within Python scripts for tool execution.\n
  • Sanitization: Relies on standard JSON parsing via jq and the Python json module, which prevents structural injection but does not validate the content for embedded natural language instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 08:01 PM