sca-npm-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes shell commands, including 'npm audit' and 'npm audit fix'. Both are routine development operations, but 'npm audit' contacts the npm registry to fetch advisory metadata, and 'npm audit fix' rewrites the project's lockfile and installs packages into node_modules.
- [Indirect Prompt Injection] (LOW): The skill parses and displays data derived from the npm registry and from local dependency files, both of which originate outside the agent's own logic and can carry attacker-controlled text (for example, advisory titles).
  - Ingestion points: The skill reads npm-audit-results.json, which contains data returned by the external npm registry.
  - Boundary markers: Absent; nothing delimits the audit data as untrusted or tells the agent to disregard instructions embedded in it.
  - Capability inventory: The skill can modify the local filesystem and install packages via npm audit fix.
  - Sanitization: None; the agent is instructed to parse the JSON output and present it directly.
Audit Metadata