Skills
skills/mukul975/anthropic-cybersecurity-skills/performing-supply-chain-attack-simulation/Gen Agent Trust Hub

performing-supply-chain-attack-simulation

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py executes the pip-audit command-line utility to identify known vulnerabilities. This is implemented using subprocess.run with a fixed list of arguments, which prevents command injection.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves package metadata from the official PyPI JSON API at pypi.org. This is a necessary function for the skill's purpose and uses a well-known, trusted technology service.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because it processes untrusted metadata from a public registry. \n
  • Ingestion points: Data is fetched from https://pypi.org/pypi/{package_name}/json in the query_pypi_metadata function within scripts/agent.py. \n
  • Boundary markers: The skill does not employ specific delimiters or instructions to the agent to disregard potential control sequences within the fetched metadata. \n
  • Capability inventory: The skill can execute local commands via subprocess.run and read local files via the open function. \n
  • Sanitization: The script parses API responses as JSON but does not sanitize or filter the content of metadata fields like descriptions or summaries before outputting them to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 01:01 PM