when-mapping-dependencies-use-dependency-mapper

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and run the claude-flow@alpha package at runtime, as seen in the slash-command-dep-map.sh script and subagent instructions. This involves fetching packages from the npm registry that are not explicitly verified dependencies.
  • [REMOTE_CODE_EXECUTION]: Executing npx claude-flow@alpha constitutes remote code execution, as the package content is retrieved from a remote registry and executed in the local environment.
  • [COMMAND_EXECUTION]: The skill executes several system commands and package manager CLI tools, including npm audit, cargo, jq, and md5sum, to extract dependency trees and verify environment states.
  • [DATA_EXFILTRATION]: During the security analysis phase, the skill sends a list of project dependencies and their versions to external services such as Snyk (api.snyk.io), GitHub Security Advisories, and OSV databases. This is documented functionality but involves transmitting project metadata to external endpoints.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted project files like package.json or Cargo.toml.
  • Ingestion points: Manifest and lock files (package.json, package-lock.json, Cargo.toml, etc.).
  • Boundary markers: No explicit markers are used to delimit untrusted data in the analysis logic.
  • Capability inventory: Subprocess execution of CLI tools and network requests to external APIs.
  • Sanitization: The skill lacks documented sanitization or validation of parsed manifest data before it is used in report generation or CLI commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 03:22 AM
Security Audit — agent-trust-hub — when-mapping-dependencies-use-dependency-mapper