deps
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using local package managers (npm, pnpm, pip, cargo, and bundle) to audit dependencies, check for outdated versions, and update packages.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
- Ingestion points: Processes
$ARGUMENTSto select and execute commands inSKILL.md. - Boundary markers: Absent; user-provided arguments are used directly to drive logic.
- Capability inventory: Access to system shell and package manager binaries (
pnpm,pip,cargo,bundle) documented inSKILL.md. - Sanitization: Absent; the skill instructions do not specify input validation or escaping for the package names or arguments passed to the underlying shell commands.
Audit Metadata