deps-dev
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The script communicates with the deps.dev API (api.deps.dev) to retrieve package metadata. This network activity is documented, restricted to its primary function, and does not involve sensitive local data or credentials.
- [Indirect Prompt Injection] (SAFE): The skill processes metadata from an external source. Ingestion points: Package metadata retrieved via urllib.request.urlopen in scripts/deps-dev.py. Boundary markers: Absent. Capability inventory: No high-risk capabilities (command execution, file-writes) were detected. Sanitization: Input parameters are correctly URL-encoded using urllib.parse.quote.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The script relies exclusively on Python standard libraries and does not download or execute remote code.
Audit Metadata