composer-dependency-management
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a mandatory memory protocol requiring the agent to execute a local file read command.
- Evidence: The command 'cat .claude/context/memory/learnings.md' is specified in 'SKILL.md'.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from project files.
- Ingestion points: 'SKILL.md' configures the skill to operate on files matching the '**/composer.json' glob.
- Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat the file content as untrusted data.
- Capability inventory: The skill metadata in 'SKILL.md' grants the agent access to 'Read', 'Write', and 'Edit' tools.
- Sanitization: Absent. The skill does not perform validation or escaping of the data ingested from the project's composer.json files.
Audit Metadata