claude-md-dependency-rescan
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a read-only process for scanning and comparing dependency manifest files with project documentation. It includes explicit instructions to avoid file modifications or proposing edits.- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from external manifest files.\n
- Ingestion points: Accesses package.json, requirements.txt, pyproject.toml, go.mod, Cargo.toml, and CLAUDE.md files.\n
- Boundary markers: No explicit markers are used to encapsulate or warn the agent about untrusted content from the scanned files.\n
- Capability inventory: Limited to read operations via Read, Grep, and restricted Bash (find/cat) commands.\n
- Sanitization: No data validation or sanitization of the file content is performed prior to processing.
Audit Metadata