The Agent Skills Directory

[SAFE]: The skill utilizes official and established auditing tools (e.g., npm audit, pip-audit, govulncheck, cargo audit) to perform security checks on software dependencies, which is standard professional practice.- [SAFE]: The identification and scanning of dependency manifest files (like package.json, requirements.txt, or go.mod) is the expected core functionality of a dependency auditor and poses no inherent security risk when used as described.- [PROMPT_INJECTION]: Note of indirect prompt injection surface inherent to processing external project files. Ingestion points: Dependency manifest files identified during the workflow (SKILL.md). Boundary markers: Absent, however, the skill instructs the agent to use specialized audit tools rather than directly interpreting file content as instructions. Capability inventory: Execution of local command-line tools for auditing and version checking (SKILL.md). Sanitization: Relies on the underlying auditing utilities to securely parse file contents.

dep-auditor