codebase-cleanup-deps-audit
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches vulnerability advisories and package metadata from well-known services including the NPM Registry, PyPI, RubyGems, and Sonatype OSS Index. It also queries BundlePhobia for package size analysis.
- [COMMAND_EXECUTION]: The implementation playbook includes bash scripts and Python code that execute package manager commands such as 'npm update', 'npm test', and 'pip-compile'. While these are necessary for the skill's remediation functionality, 'npm test' in particular can execute arbitrary code defined within a project's dependency configuration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from project manifest files (e.g., package names or version strings in 'package.json' or 'requirements.txt') which are then processed by the agent.
  - Ingestion points: DependencyDiscovery class in 'resources/implementation-playbook.md' reads manifest files from the local project path.
  - Boundary markers: No specific delimiters or instructions to ignore embedded content are used when processing manifest data.
  - Capability inventory: The skill can execute shell commands ('npm', 'pip', 'pip-compile') and perform network requests via Python's 'requests' library and JavaScript's 'fetch' API.
  - Sanitization: The skill does not implement sanitization or validation of the content within the dependency manifests before processing.