supply-chain-risk-auditor

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run GitHub CLI (gh) commands that retrieve repository statistics such as star counts and issue activity. Those commands are built from dependency names and repository URLs read out of the project, so file-controlled data reaches a shell. The auditor treats this as expected behaviour because it is a core part of the audit functionality.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface: it processes data from external project files, and its instructions do not tell the agent how to sanitize that data or to treat it as data rather than instructions.
  • Ingestion points: Dependency names and repository URLs are read from local project files (e.g., package.json, requirements.txt).
  • Boundary markers: None are defined to isolate data being processed from the agent's instruction context.
  • Capability inventory: The agent has access to Bash, Write, Read, Glob, and Grep tools.
  • Sanitization: No specific escaping or validation logic is prescribed for the input data before it is used in shell commands or markdown output.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 05:14 PM