dependency-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted user input that is interpolated into a tool command. * Ingestion points: User input captured in the variable via trigger phrases. * Boundary markers: Absent; the skill lacks delimiters to separate user data from instructions. * Capability inventory: Subprocess execution of the /sourceatlas:deps command which accesses local source code. * Sanitization: Absent; no validation or escaping is performed on the input.
- [Command Execution] (HIGH): The command format /sourceatlas:deps "" is susceptible to shell injection. A malicious user could provide a string that escapes the quotes (e.g., '"; malicious_command; #') to execute arbitrary code on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata