deps
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill includes standard shell commands for package management. These are routine for developers and do not involve unauthorized system access.
- [EXTERNAL_DOWNLOADS] (SAFE): Instructions recommend installing trusted tools (yarn, pnpm, depcheck) from the official npm registry.
- [PROMPT_INJECTION] (SAFE): Identifies a surface for indirect injection where the agent reads command output (e.g., from npm audit). Ingestion point: audit/ls output; Boundary markers: absent; Capability: shell execution; Sanitization: absent. The context is standard development tools, making the risk negligible.
Audit Metadata