iblai-vibe-security-dependency-audit
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted project manifests and code, which is a surface for indirect prompt injection.\n
- Ingestion points: Reads dependency manifests (e.g., package.json, requirements.txt) and source code for manual auditing.\n
- Boundary markers: The skill does not define specific delimiters for separating user-provided data from instructions.\n
- Capability inventory: Has access to Bash, WebSearch, and file system tools for deep project analysis.\n
- Sanitization: No explicit data sanitization or filtering is described.\n- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run local auditing commands such as npm audit, pip-audit, safety, and trivy to analyze project dependencies.\n- [EXTERNAL_DOWNLOADS]: The security auditing tools used by the skill connect to well-known registries and vulnerability databases to fetch advisory information.
Audit Metadata