skill-dependency-resolver
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [Metadata Analysis] (SAFE): The skill documentation and YAML schema indicate it is designed for structural analysis of other skills rather than executing untrusted code or accessing sensitive data stores.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data via the
skills_directoryandtarget_goalinputs. However, the described capabilities are limited to DAG construction and metadata mapping, which poses a low risk of code-based injection unless the implementation logic (which is not provided) handles these inputs unsafely. - [Implementation Visibility] (INFO): No source code (Python, JavaScript, etc.) was included in the analysis. The verdict is based on the provided SKILL.md and skill.yaml files which describe the intended behavior and interface.
Audit Metadata