dependency-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Prompt Injection (LOW): Indirect Prompt Injection surface detected (Category 8).
  1. Ingestion points: The skill analyzes external manifest files (package.json, requirements.txt).
  2. Boundary markers: No delimiters are specified to isolate untrusted data.
  3. Capability inventory: Suggested usage includes executing shell commands (npm audit, pip-audit).
  4. Sanitization: No input validation or sanitization of external file content is described.
- No Code (SAFE): The skill consists of markdown instructions only and does not include any executable scripts or binaries.