skills/dnyoussef/ai-chrome-extension/when-mapping-dependencies-use-dependency-mapper/Gen Agent Trust Hub
when-mapping-dependencies-use-dependency-mapper
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and run theclaude-flow@alphapackage at runtime, as seen in theslash-command-dep-map.shscript and subagent instructions. This involves fetching packages from the npm registry that are not explicitly verified dependencies. - [REMOTE_CODE_EXECUTION]: Executing
npx claude-flow@alphaconstitutes remote code execution, as the package content is retrieved from a remote registry and executed in the local environment. - [COMMAND_EXECUTION]: The skill executes several system commands and package manager CLI tools, including
npm audit,cargo,jq, andmd5sum, to extract dependency trees and verify environment states. - [DATA_EXFILTRATION]: During the security analysis phase, the skill sends a list of project dependencies and their versions to external services such as Snyk (
api.snyk.io), GitHub Security Advisories, and OSV databases. This is documented functionality but involves transmitting project metadata to external endpoints. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted project files like
package.jsonorCargo.toml. - Ingestion points: Manifest and lock files (
package.json,package-lock.json,Cargo.toml, etc.). - Boundary markers: No explicit markers are used to delimit untrusted data in the analysis logic.
- Capability inventory: Subprocess execution of CLI tools and network requests to external APIs.
- Sanitization: The skill lacks documented sanitization or validation of parsed manifest data before it is used in report generation or CLI commands.
Audit Metadata