deps

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using local package managers (npm, pnpm, pip, cargo, and bundle) to audit dependencies, check for outdated versions, and update packages.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  • Ingestion points: Processes $ARGUMENTS to select and execute commands in SKILL.md.
  • Boundary markers: Absent; user-provided arguments are used directly to drive logic.
  • Capability inventory: Access to system shell and package manager binaries (pnpm, pip, cargo, bundle) documented in SKILL.md.
  • Sanitization: Absent; the skill instructions do not specify input validation or escaping for the package names or arguments passed to the underlying shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 02:17 PM
Security Audit — agent-trust-hub — deps