ln-625-dependencies-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard ecosystem-specific vulnerability audit commands, including 'npm audit', 'pip-audit', 'cargo audit', and 'govulncheck'. These operations are essential to the skill's primary function and target well-known development utilities.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it processes untrusted data from the codebase being audited.
  - Ingestion points: Codebase files (package manifests and source code) are read using the 'Grep' and 'Read' tools during the audit workflow.
  - Boundary markers: The skill does not explicitly use boundary markers or delimiters to separate ingested code from instructional context.
  - Capability inventory: The skill possesses 'Bash' (for tool execution) and 'Write' (for report output) capabilities.
  - Sanitization: No explicit sanitization or filtering of the ingested file content is performed prior to analysis.
Audit Metadata