audit-dependencies
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script `./.github/workflows/audit-dependencies.sh` using the `$ARGUMENTS` variable. This variable is populated directly from user input (the severity level) and interpolated into the shell command without visible sanitization, creating a potential command injection vector if the agent platform does not provide underlying protection.
- [REMOTE_CODE_EXECUTION]: The core workflow requires executing `pnpm install` and `pnpm run build`. These commands trigger lifecycle scripts and build processes defined in the repository and its third-party dependencies, which constitutes execution of external code.
- [EXTERNAL_DOWNLOADS]: The skill interacts with external services, specifically the NPM registry (via `pnpm view` and `pnpm install`) and GitHub (via `gh pr create` and searching security advisories), to manage dependencies and create pull requests.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it parses external, potentially attacker-influenced data to make decisions and generate content.
  - Ingestion points: Output from `pnpm audit --json` and content from external GitHub Security Advisory (GHSA) pages.
  - Boundary markers: Absent; the instructions do not specify delimiters or instructions to ignore embedded commands when processing audit data or advisory descriptions.
  - Capability inventory: File system writes (editing `package.json`), shell execution (`pnpm`, `gh`, and local repository scripts), and network access (GitHub PR creation).
  - Sanitization: No explicit sanitization or validation of the content retrieved from security advisories or package metadata is described before it is used to generate PR descriptions.
Audit Metadata