dependency-verification

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is purely instructional and defines a security best practice for validating dependencies. It encourages the use of official registries (PyPI, npm, and crates.io) to verify package existence.
  • [EXTERNAL_DOWNLOADS]: The skill mentions using curl to query official package registries such as pypi.org, registry.npmjs.org, and crates.io. These are well-known and trusted services used for their intended purpose of dependency verification.
  • [COMMAND_EXECUTION]: While the skill discusses running package managers (like pip, npm, cargo), it does not execute them itself. It provides a manual curl example for registry lookups, which is a benign diagnostic command.
  • [PROMPT_INJECTION]: No evidence of malicious instructions or attempts to bypass agent safety filters. The instructions are focused on enhancing the agent's accuracy and security regarding package management.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 12:19 PM