dependency-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the Bash tool for running dependency audits and querying package information from registries.
- [EXTERNAL_DOWNLOADS]: Connects to external package registries and utilizes web search capabilities to identify versions and breaking changes.
- [PROMPT_INJECTION]: The skill processes untrusted data from project files and web searches, creating a surface for indirect prompt injection.
- [PROMPT_INJECTION]: Ingestion points: Reads local dependency manifest files (e.g., package.json, requirements.txt) and fetches external content via web search.
- [PROMPT_INJECTION]: Boundary markers: None specified to isolate external data from instructions.
- [PROMPT_INJECTION]: Capability inventory: The skill has access to Bash, Read, Write, Edit, Glob, and Grep tools.
- [PROMPT_INJECTION]: Sanitization: No explicit sanitization or validation of external content is documented.
- [PROMPT_INJECTION]: The mandatory Memory Protocol instructs the agent to read from and write to local markdown files, which can themselves be influenced by external data.
Audit Metadata