dependency-updater
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes package management tools via bash scripts to perform updates and audits. This is the primary intended function. Evidence: scripts/run-taze.sh and scripts/check-tool.sh.
- [EXTERNAL_DOWNLOADS] (SAFE): The README recommends installing established tools like taze and pip-audit from trusted package registries.
- [PROMPT_INJECTION] (LOW): Detected surface for Indirect Prompt Injection (Category 8) where untrusted data from project files could influence agent behavior.
  - Ingestion points: Reads metadata from package.json, requirements.txt, go.mod, etc.
  - Boundary markers: Absent. No specific delimiters or safety warnings are provided for the processed data.
  - Capability inventory: The skill can execute shell commands and scripts.
  - Sanitization: Absent. The scripts pass arguments directly to the underlying tools.
Audit Metadata