dependency-conflict-resolver
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external content, creating a vulnerability surface for instruction injection.
  - Ingestion points: The skill reads and analyzes package.json, lock files, and installation error logs provided by the user or the environment.
  - Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from obeying malicious instructions embedded within the data it processes.
  - Capability inventory: The skill uses high-privilege operations including npm install, npm update, npm rebuild, and recursive directory deletion (rm -rf node_modules).
  - Sanitization: None. The skill lacks validation or filtering of external content before interpolation into the agent's decision-making process.
- [Command Execution] (MEDIUM): The skill documentation encourages the use of powerful CLI tools that can modify the system state. Specifically, it suggests 'force' installation flags and the manual removal of the node_modules directory, which could be exploited if an attacker poisons the input data to trigger these actions maliciously.
Recommendations
- AI detected serious security threats
Audit Metadata