dependency-confusion-detect
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill constructs and executes shell commands using untrusted external data such as package names and manifest file contents (package.json, requirements.txt), which allows for potential command injection attacks.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of external tools (Confused and GuardDog) from third-party repositories during the prerequisite phase, which poses a supply chain risk.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external content with execution-capable tools. Evidence:
  1. Ingestion points: package.json, requirements.txt, pom.xml, and package-name variables.
  2. Boundary markers: absent; no delimiters are used to wrap external content.
  3. Capability inventory: execution of system commands via 'confused' and 'guarddog'.
  4. Sanitization: absent; there is no evidence of input validation or escaping for the processed data.
Recommendations
- AI detected serious security threats