org-deps
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute a shell script located at `~/.claude/scripts/org-deps.sh`. Since the content of this script is not part of the skill definition, its specific actions and safety cannot be verified.
- [COMMAND_EXECUTION]: In the 'Phase 4: Fix' section, the skill directs the agent to 'Run tests to verify compatibility'. Running test suites is a high-risk operation because tests can execute arbitrary code contained within the repositories being audited.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from multiple repositories.
  - Ingestion points: The skill reads `NEWS.md` files and dependency metadata (R and Julia configuration files) from various repositories.
  - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are implemented to protect the agent from malicious instructions hidden within audited files.
  - Capability inventory: The agent is granted capabilities to execute local scripts (`org-deps.sh`), run arbitrary test code, and perform Git operations like creating branches and Pull Requests.
  - Sanitization: No sanitization or validation steps are defined for the content extracted from `NEWS.md` or other repository files before it is processed by the agent.
Audit Metadata