python-pip-audit
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading vulnerability data from well-known and trusted services, including the PyPI JSON API and the Google Open Source Vulnerabilities (OSV) database.
- [COMMAND_EXECUTION]: Provides standard shell commands for installing the pip-audit utility via package managers (pip, pipx, conda) and executing scans on local dependency files.
- [REMOTE_CODE_EXECUTION]: References the official GitHub Action (pypa/gh-action-pip-audit) and pre-commit hooks maintained by the Python Packaging Authority (PyPA), which is a well-known and trusted organization within the Python community.
- [PROMPT_INJECTION]: No malicious prompt injection patterns were found. The skill includes a 'Security Model' section that explicitly warns the user that auditing a requirements file involves dependency resolution, which is functionally equivalent to installation, thereby encouraging safe usage with trusted inputs.
Audit Metadata