dependency-management
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or bypass attempts were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets or unauthorized data transfer patterns were identified.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): References only standard, reputable tools such as npm, pip-audit, and govulncheck. No untrusted remote scripts are executed.
- [Indirect Prompt Injection] (LOW):
  * Ingestion points: The skill interacts with external project files like package.json and lockfiles using Bash and Read tools.
  * Boundary markers: None explicitly defined in the instructions.
  * Capability inventory: Uses Bash, Glob, Grep, and Read tools which can manipulate the file system.
  * Sanitization: No specific sanitization of external file content is described, creating a standard surface for indirect prompt injection if those files are controlled by an attacker.
Audit Metadata