dependency-scan
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. Ingestion points: manifest files (package.json, requirements.txt, etc.) and external vulnerability databases (NVD, GitHub, OSV). Boundary markers: None present in instructions or logic. Capability inventory: Extensive subprocess execution (npm, pip, cargo, etc.) and file modification capabilities. Sanitization: None detected. Maliciously crafted dependency names or CVE descriptions could trick the agent into performing unintended file modifications or installations during the fix process.
- REMOTE_CODE_EXECUTION (HIGH): The '--fix' mode triggers remote package installation and updates via tools like 'npm', 'pip', and 'cargo'. This results in the execution of code (installation scripts) downloaded from external registries. When combined with the processing of untrusted manifest files, this constitutes a high-risk RCE vector.
- COMMAND_EXECUTION (HIGH): The skill executes a wide array of shell commands including 'npm audit', 'pip-audit', 'bundle-audit', 'govulncheck', 'cargo audit', 'composer audit', and 'dotnet list'. There is no evidence of strict argument sanitization for the inputs parsed from dependency manifests, which could lead to command injection if these files contain shell metacharacters.
Recommendations
- AI detected serious security threats
Audit Metadata