node-deps

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Command Execution] (SAFE): The skill executes the taze CLI tool and suggests running package manager commands (npm, pnpm, yarn). These actions are consistent with the skill's stated purpose of updating project dependencies.
  • [External Downloads] (LOW): The skill prompts the user to install the taze package globally via npm. While taze is a well-known community tool, installing global packages introduces a dependency on external registries and package authors.
  • [Indirect Prompt Injection] (LOW): The skill parses output from external command execution (taze).
    • Ingestion points: Taze output (package names and versions) is processed in SKILL.md (Step 3).
    • Boundary markers: Absent; the instructions rely on the agent's ability to interpret the tabular output format.
    • Capability inventory: Command execution of taze with write permissions and suggestion of npm install in SKILL.md and run-taze.sh.
    • Sanitization: Absent; the skill does not explicitly sanitize package names or versions before processing them.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:12 PM