sca-npm-audit
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes external JSON data from the npm registry and uses it to drive agent decisions and file-system modifications.
  1. Ingestion points: npm-audit-results.json in SKILL.md.
  2. Boundary markers: Absent; the agent is directed to read the JSON output directly.
  3. Capability inventory: Terminal access for 'npm audit fix', 'npm audit fix --force', and 'cd'.
  4. Sanitization: Absent; the skill lacks validation of the external registry data before acting upon it.
- [Command Execution] (MEDIUM): The skill executes shell commands that modify the user's project environment and install or update packages, potentially causing breaking changes or executing malicious code if the registry data is compromised.
- [External Downloads] (LOW): The skill triggers the download of external packages from the npm registry via 'npm audit fix'. Although the registry is a standard source, the automated nature of these downloads without verification poses a risk.
Recommendations
- AI detected serious security threats
Audit Metadata