dep-audit

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains instructions and strings recommending the installation of the syft tool via a remote shell script (curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh). While this is a common practice for this tool, piping remote content directly to a shell is a dangerous pattern.
  • [EXTERNAL_DOWNLOADS]: The skill references and suggests downloading code from an external GitHub repository (raw.githubusercontent.com/anchore/syft/main/install.sh) for SBOM generation capabilities.
  • [COMMAND_EXECUTION]: The skill requires execution permissions to run various system binaries and ecosystem-specific tools (npm, pip-audit, cargo-audit, govulncheck, syft, jq) across its shell scripts.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
      • Ingestion points: The skill reads data from untrusted project lockfiles including package-lock.json, requirements.txt, Cargo.lock, and go.sum in its audit scripts (scripts/audit-npm.sh, scripts/audit-pip.sh, etc.).
      • Boundary markers: Absent. The skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded in package metadata or vulnerability descriptions.
      • Capability inventory: Significant. The agent has the ability to read files, execute commands, and write SBOM files to the project directory.
      • Sanitization: Present. The underlying bash scripts use jq --arg for variable interpolation and custom json_escape functions to prevent direct shell command injection from lockfile content.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/anchore/syft/main/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 27, 2026, 02:05 PM