dependency-track
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes potentially untrusted content from the external Dependency-Track API.
- Ingestion points: The scripts
scripts/dtrack-findings.sh,scripts/dtrack-vulnerability.sh, andscripts/dtrack-projects.shingest data fields like vulnerability descriptions, project names, and audit comments. - Boundary markers: Data is passed to the agent as JSON or formatted text without explicit boundary delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill can perform network operations via
curl(including write operations to the SCA platform) and has access to the user's local configuration directory. - Sanitization: No content-level sanitization or filtering is performed on retrieved text fields before they are interpolated into the agent's context.- [DATA_EXFILTRATION]: The skill accesses a sensitive local file path to load API credentials.
- Evidence:
scripts/_config.shreads the API key from~/.boring/dependency-track/apikey. - Context: This is the intended primary function for managing the skill's own configuration. The implementation follows security best practices by recommending restricted file permissions (chmod 600) for the credential file.
Audit Metadata