dependency-management-deps-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted dependency manifests, creating an inherent attack surface for indirect prompt injection via package metadata. Evidence: 1. Ingestion points: Dependency manifest files (implied). 2. Boundary markers: Absent. 3. Capability inventory: Dependency inventory, vulnerability scanning, license scanning, and proposing upgrades. 4. Sanitization: Absent.
- [Static Analysis] (SAFE): No evidence of malicious command execution, hardcoded secrets, obfuscation, or data exfiltration was found in the provided skill definition. The reference to local resource files for workflows is a standard organizational practice.
Audit Metadata