js-deps

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes package manager commands (npm, yarn, pnpm, bun) to perform audits and updates. It also runs repository-defined scripts (build, lint, test) to validate changes within an isolated worktree.
  • [EXTERNAL_DOWNLOADS]: The skill downloads package manifests and binaries from official public registries (e.g., registry.npmjs.org) to facilitate dependency updates and security audits.
  • [PROMPT_INJECTION]: The skill is designed to handle potential indirect prompt injection from malicious manifest data. It implements a mandatory evidence chain for safety:
      • Ingestion points: Untrusted data is ingested from package.json, lockfiles, and package manager output (SKILL.md Step 4).
      • Boundary markers: Explicit instructions define a 'Data boundary' to treat manifest content as structured data and ignore free-text fields (SKILL.md Step 4, Step 10).
      • Capability inventory: Capabilities include shell execution for installations/scripts, git operations, and GitHub CLI PR creation (SKILL.md, audit-workflow.md).
      • Sanitization: The agent is instructed to extract only specific required fields (names, versions) and never interpret manifest text as instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 12:39 PM