dependency-scanning

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses standard git and bash commands to identify modified dependency manifests and manage temporary worktrees for analysis.
  • [EXTERNAL_DOWNLOADS]: Provides instructions to download and install the official Dependabot CLI from the GitHub releases page for the tool. Because the download comes from the vendor's own repository, it is treated as a legitimate operation for the skill's intended functionality; the usual supply-chain hygiene of pinning a release version and verifying the release checksum before installing still applies.
  • [DATA_EXFILTRATION]: Sends package metadata (name, version, ecosystem) to the GitHub MCP server (api.githubcopilot.com) to check against the GitHub Advisory Database. This is the intended primary function of the skill and uses vendor-owned infrastructure.
  • [REMOTE_CODE_EXECUTION]: Executes the dependabot CLI locally to generate dependency graphs. Since the binary is sourced from an official repository, this is consistent with the skill's purpose.
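To make the first and third findings concrete, the following added example (not the skill's own code, and not part of the audit) shows the two steps they describe: filtering the paths that `git diff --name-only` would report down to known dependency manifests, and reducing those manifests to the minimal (ecosystem, name, version) records an advisory-database lookup needs, so that file paths, source code and credentials never enter the outbound payload. The manifest-to-ecosystem mapping, the function names and the sample manifests are constructed for illustration; Python is used so the example runs offline without git or the Dependabot CLI.

```python
"""Added illustration of a dependency-scanning step (constructed example).

Given the paths git reports as changed, keep only known dependency
manifests, parse them, and build the minimal outbound records
(ecosystem, name, version). Nothing else leaves the machine.
"""
import json
import re
from pathlib import PurePosixPath

# Manifest filename -> advisory-database ecosystem label (assumed mapping;
# other manifests such as go.mod or Gemfile.lock would plug in the same way).
MANIFEST_ECOSYSTEMS = {
    "requirements.txt": "pip",
    "package-lock.json": "npm",
}

_PIN = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([^\s;#]+)")


def changed_manifests(changed_paths):
    """Filter git-reported paths to (path, ecosystem) for known manifests."""
    out = []
    for p in changed_paths:
        eco = MANIFEST_ECOSYSTEMS.get(PurePosixPath(p).name)
        if eco:
            out.append((p, eco))
    return out


def parse_requirements(text):
    """Return (name, version) for exactly pinned lines only.

    Unpinned specifiers (>=, ~=) have no single version to query, so they
    are skipped rather than guessed; comments are ignored.
    """
    pkgs = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if m:
            pkgs.append((m.group(1).lower(), m.group(2)))
    return pkgs


def parse_package_lock(text):
    """Return (name, version) from a lockfileVersion 2/3 package-lock.json.

    Keys under "packages" are install paths; the package name is the part
    after the last "node_modules/" so nested copies resolve correctly.
    """
    data = json.loads(text)
    pkgs = []
    for key, meta in data.get("packages", {}).items():
        if key == "" or "version" not in meta:
            continue  # "" is the root project, not a dependency
        name = key.rsplit("node_modules/", 1)[-1]
        pkgs.append((name, meta["version"]))
    return pkgs


PARSERS = {
    "requirements.txt": parse_requirements,
    "package-lock.json": parse_package_lock,
}


def advisory_query_records(changed_paths, read_text):
    """Build the minimal outbound records: ecosystem, name, version only.

    `read_text(path)` returns a manifest's content. The path selects the
    parser and is deliberately dropped from the records themselves.
    """
    records = {}
    for path, eco in changed_manifests(changed_paths):
        parser = PARSERS[PurePosixPath(path).name]
        for name, version in parser(read_text(path)):
            records[(eco, name, version)] = {
                "ecosystem": eco, "name": name, "version": version,
            }
    return [records[k] for k in sorted(records)]  # de-duplicated, stable order


# Constructed sample input: what `git diff --name-only` might report,
# plus the contents of the two manifests among those paths.
SAMPLE_CHANGED = [
    "README.md", "src/app.py", "requirements.txt",
    "web/package-lock.json", ".github/workflows/ci.yml",
]
SAMPLE_FILES = {
    "requirements.txt": "# pinned\nrequests==2.31.0\nFlask>=2.0\nPyYAML==6.0.1  # yaml\n",
    "web/package-lock.json": json.dumps({
        "name": "web", "lockfileVersion": 3,
        "packages": {
            "": {"name": "web", "version": "1.0.0"},
            "node_modules/lodash": {"version": "4.17.21"},
            "node_modules/@scope/pkg": {"version": "2.0.0"},
            "node_modules/@scope/pkg/node_modules/ms": {"version": "2.1.3"},
        },
    }),
}

if __name__ == "__main__":
    for rec in advisory_query_records(SAMPLE_CHANGED, SAMPLE_FILES.__getitem__):
        print(rec)
```

The point of the last function is the data-minimisation property the audit relies on: every outbound record carries exactly three fields, and a reviewer can assert that directly instead of trusting the description.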
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 03:43 PM
Security Audit — agent-trust-hub — dependency-scanning