dependency-management
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash tools to execute standard development commands such as pip-compile, pip install, and docker build. These are necessary for its primary function of dependency management.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of Python packages from the official Python Package Index (PyPI) via pip. It enforces version pinning and lockfiles to ensure integrity and reproducibility.
- [SAFE]: The skill implements security best practices by requiring version floor pins for patched vulnerabilities and strictly prohibiting manual, unrecorded package installations. It provides a clear procedure for responding to security advisories (CVE/GHSA).
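The three findings above describe one workflow: direct dependencies with floor pins in a hand-edited file, a generated lockfile, and installs that refuse anything not recorded in it. The following is an added example, written for this page and not code from the audited skill or from Gen Agent Trust Hub, showing the checks a practitioner would run around that workflow. It assumes the common pip-tools layout (`requirements.in` compiled by `pip-compile --generate-hashes` into `requirements.txt`, installed with `pip install --require-hashes -r requirements.txt`); all package names, versions, hashes and the advisory identifier are constructed placeholders. One caveat the audit text glosses over: an exact version pin alone gives reproducibility, but integrity against a tampered index or mirror comes from the `--hash` entries in the lockfile combined with `--require-hashes` at install time, which is what the lockfile check below enforces.

```python
"""Lockfile discipline for a pip-tools workflow (added example, not the
audited skill's own code). Assumed layout:
  requirements.in  -> hand-edited direct deps, floor pins record advisories
  requirements.txt -> `pip-compile --generate-hashes requirements.in`
  install          -> `pip install --require-hashes -r requirements.txt`
Package names, versions, hashes and advisory ids below are constructed."""
import re
from typing import Dict, List, Tuple

# Constructed sample: direct dependencies before an advisory response.
REQUIREMENTS_IN = "alpha-lib\nbeta_lib\n"

# Constructed sample in the shape pip-compile --generate-hashes emits.
# Digests are placeholders, not real sha256 values.
LOCKFILE_OK = """\
#
# This file is autogenerated by pip-compile
#
alpha-lib==1.4.2 \\
    --hash=sha256:aaaa \\
    --hash=sha256:bbbb
    # via -r requirements.in
beta-lib==0.9.1 \\
    --hash=sha256:cccc
    # via -r requirements.in
gamma==3.0.0 \\
    --hash=sha256:dddd
    # via alpha-lib
"""

# Constructed sample of a hand-edited lockfile: one entry is not an exact
# pin and one has no hash, so `--require-hashes` would reject the install.
LOCKFILE_BAD = """\
alpha-lib>=1.4.2 \\
    --hash=sha256:aaaa
beta-lib==0.9.1
gamma==3.0.0 \\
    --hash=sha256:dddd
"""

_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")
_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==([^\s;]+)")


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'Beta_Lib' and 'beta-lib' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _logical_lines(text: str) -> List[str]:
    """Join backslash continuations; drop blank and comment lines."""
    out: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        out.append((buf + line).strip())
        buf = ""
    if buf:
        out.append(buf.strip())
    return out


def parse_lockfile(text: str) -> Dict[str, Tuple[str, List[str]]]:
    """Map normalised name -> (requirement text, list of --hash values)."""
    entries: Dict[str, Tuple[str, List[str]]] = {}
    for line in _logical_lines(text):
        if line.startswith("-"):  # -r, -c, --index-url and similar options
            continue
        tokens = line.split()
        hashes = [t[len("--hash="):] for t in tokens[1:] if t.startswith("--hash=")]
        m = _NAME_RE.match(tokens[0])
        if m:
            entries[normalize(m.group(1))] = (tokens[0], hashes)
    return entries


def check_lockfile(text: str) -> List[str]:
    """Violations of the exact-pin-plus-hash rule; an empty list means clean."""
    problems: List[str] = []
    for name, (req, hashes) in parse_lockfile(text).items():
        if not _PIN_RE.match(req):
            problems.append(f"{name}: not pinned with == ({req})")
        if not hashes:
            problems.append(f"{name}: no --hash entries")
    return problems


def _vtuple(version: str) -> Tuple[int, ...]:
    """Leading dotted release segment only (pre/post/dev tags ignored);
    use packaging.version for full PEP 440 ordering in production."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version}")
    return tuple(int(p) for p in m.group(0).split("."))


def add_floor_pin(requirements_in: str, package: str, floor: str, advisory: str) -> str:
    """Record an advisory response: replace (or append, for a transitive dep)
    the package line in requirements.in with a floor pin and the advisory id."""
    pinned = f"{package}>={floor}  # {advisory}"
    out, found = [], False
    for line in requirements_in.splitlines():
        m = _NAME_RE.match(line.strip())
        if m and normalize(m.group(1)) == normalize(package):
            out.append(pinned)
            found = True
        else:
            out.append(line)
    if not found:
        out.append(pinned)
    return "\n".join(out) + "\n"


def lockfile_meets_floor(lock_text: str, package: str, floor: str) -> bool:
    """After recompiling, confirm the resolved exact pin is at or above the floor."""
    entry = parse_lockfile(lock_text).get(normalize(package))
    if entry is None:
        return False
    m = _PIN_RE.match(entry[0])
    return bool(m) and _vtuple(m.group(2)) >= _vtuple(floor)


if __name__ == "__main__":
    print(check_lockfile(LOCKFILE_OK))   # []
    print(check_lockfile(LOCKFILE_BAD))  # two violations
    print(add_floor_pin(REQUIREMENTS_IN, "beta-lib", "0.9.1", "EXAMPLE-ADVISORY-ID"))
```

In this layout the advisory procedure is: call `add_floor_pin` on `requirements.in` with the first patched version, rerun `pip-compile --generate-hashes`, confirm with `lockfile_meets_floor`, and gate the commit on `check_lockfile` returning nothing. Only exact `==` pins count as meeting a floor, so a lockfile that someone loosened by hand fails closed rather than being trusted.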
Audit Metadata