supply-chain-risk-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified in the skill's instructions.
  • [COMMAND_EXECUTION]: The skill utilizes the gh (GitHub CLI) tool via the Bash interface to query repository metadata. This is a legitimate use of a well-known tool from a trusted vendor for the purpose of dependency auditing.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from external GitHub repositories (READMEs, issues, etc.), which represents a potential surface for indirect prompt injection.
      • Ingestion points: Data retrieved via gh commands from external dependency repositories.
      • Boundary markers: None specified to differentiate external data from internal logic.
      • Capability inventory: Read, Write, Bash, Glob, Grep tools.
      • Sanitization: No explicit content sanitization or filtering is implemented for processed repository data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 06:43 AM