npm-trends
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches data from api.npmjs.org, which is the official and trusted API for npm download statistics.
- [PROMPT_INJECTION] (LOW): Potential indirect prompt injection surface detected. 1. Ingestion points: Data from api.npmjs.org point and range endpoints. 2. Boundary markers: None specified in documentation to delimit API content. 3. Capability inventory: Local execution of the npm_trends.ts script. 4. Sanitization: No explicit sanitization or validation of the API response data is documented.
Audit Metadata