iblai-security-dependency-audit

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is intended for security auditing and providing remediation guidance. Its functionality is entirely aligned with its described purpose of improving a project's security posture.
  • [COMMAND_EXECUTION]: The skill uses standard, well-known CLI tools for security analysis, including npm audit, pip-audit, govulncheck, cargo audit, and trivy. These commands are used to scan local project files for known vulnerabilities.
  • [PROMPT_INJECTION]: The skill processes project manifest files and configuration data (e.g., package.json, .env, CI/CD workflows) which could serve as a vector for indirect prompt injection. However, the skill's instructions focus on structured auditing, and the capabilities requested are appropriate for its functional scope.
  • Ingestion points: Project manifests (package.json, requirements.txt, Gemfile, go.mod, etc.), environment variables (.env), and CI/CD configurations (.github/workflows).
  • Boundary markers: No explicit instructions are provided to the agent to treat file contents as untrusted data or to ignore embedded instructions.
  • Capability inventory: The skill uses Bash, Read, Write, Grep, Glob, and WebSearch to facilitate the discovery and documentation of vulnerabilities.
  • Sanitization: The skill does not define specific sanitization or validation logic for the external data it processes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 03:47 PM
Security Audit — agent-trust-hub — iblai-security-dependency-audit