dependency-management-deps-audit
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data that could influence the agent's output logic.
  - Ingestion points: The dependency discovery logic in `resources/implementation-playbook.md` reads project manifest files such as `package.json`, `requirements.txt`, and `Gemfile` from the local filesystem.
  - Boundary markers: There are no explicit delimiters or boundary markers used in `SKILL.md` or the playbook's PR generation logic to isolate untrusted package data from the agent's instructions.
  - Capability inventory: The skill has the capability to perform network requests using `requests` and `fetch`, and execute system commands through the provided Bash remediation scripts.
  - Sanitization: The code does not perform sanitization or escaping of package names, versions, or descriptions before interpolating them into markdown templates for reports and pull request bodies.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known technology services and official package registries for auditing purposes.
  - Evidence: Python and JavaScript snippets in `resources/implementation-playbook.md` communicate with `registry.npmjs.org`, `pypi.org`, `rubygems.org`, `ossindex.sonatype.org`, and `bundlephobia.com` to retrieve vulnerability and package metadata.
- [COMMAND_EXECUTION]: The skill includes code templates designed to execute package management and testing commands on the host system.
  - Evidence: The playbook contains a Bash script that utilizes `npm audit fix`, `npm update`, and `pip install` to apply security patches and updates.
Audit Metadata