iblai-security-dependency-audit
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is intended for security auditing and providing remediation guidance. Its functionality is entirely aligned with its described purpose of improving a project's security posture.
- [COMMAND_EXECUTION]: The skill uses standard, well-known CLI tools for security analysis, including
npm audit,pip-audit,govulncheck,cargo audit, andtrivy. These commands are used to scan local project files for known vulnerabilities. - [PROMPT_INJECTION]: The skill processes project manifest files and configuration data (e.g.,
package.json,.env, CI/CD workflows) which could serve as a vector for indirect prompt injection. However, the skill's instructions focus on structured auditing, and the capabilities requested are appropriate for its functional scope. - Ingestion points: Project manifests (
package.json,requirements.txt,Gemfile,go.mod, etc.), environment variables (.env), and CI/CD configurations (.github/workflows). - Boundary markers: No explicit instructions are provided to the agent to treat file contents as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill uses
Bash,Read,Write,Grep,Glob, andWebSearchto facilitate the discovery and documentation of vulnerabilities. - Sanitization: The skill does not define specific sanitization or validation logic for the external data it processes.
Audit Metadata