supply-chain-advisory
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is well-documented and its operations align with its security-focused purpose.
- [DATA_EXFILTRATION]: The skill facilitates the auditing of sensitive file paths (e.g., .venv/*/METADATA, ~/.ssh) and environment variables to identify potential breaches. It includes a forensic command to capture environment state to a local file. No external exfiltration was detected.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from project lockfiles (uv.lock, requirements.txt) to match against a blocklist.
  1. Ingestion points: Lockfile contents parsed in modules/scanning-patterns.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Shell commands (find, grep, rg, env) used for auditing.
  4. Sanitization: Employs Python regular expressions to extract specific package and version data, reducing the risk of malicious payload execution.
Audit Metadata