fix-dependabot

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it extracts data from external Pull Requests and uses it to construct shell commands.
    • Ingestion points: Pull request metadata (branch names, dependency names, versions) fetched via gh pr view in SKILL.md.
    • Boundary markers: Absent; the instructions interpolate variables directly into shell command strings without specific delimiters for untrusted content.
    • Capability inventory: Executes high-privilege operations including git checkout, git push, and bun install across all scripts in the repository.
    • Sanitization: No explicit sanitization or validation of the fetched PR metadata is performed before it is used in shell execution paths.
  • [COMMAND_EXECUTION]: Automates several shell-based workflows. The agent executes git, gh, rg, and bun commands. While these are standard developer tools, the lack of input validation for the parameters derived from the PR metadata is a point of caution.
  • [REMOTE_CODE_EXECUTION]: Running bun install can trigger the execution of arbitrary scripts defined in the package.json files of the updated dependencies. This is the intended behavior for dependency management but represents a point where third-party code is executed locally.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 05:02 PM