Skills
skills/instructa/agent-skills/package-security-check/Gen Agent Trust Hub

package-security-check

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/check_js_supply_chain.py script executes local shell commands such as pnpm --version and pnpm config get to gather environment and configuration data. These calls are implemented using subprocess.run with a list of arguments and shell=False, which is a safe practice for programmatic command execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests data from untrusted sources (the files of the repository being audited, such as package.json and CI configuration files) and presents this content to the agent in a report format. A malicious repository could include instructions in fields like package names or script commands to attempt to influence the agent's behavior.
  • Ingestion points: The scripts/check_js_supply_chain.py script reads package.json, lockfiles, and CI .yml files from the target repository.
  • Boundary markers: The skill does not currently use specific delimiters or instructions to the agent to ignore instructions embedded in the audit report.
  • Capability inventory: The agent has the capability to execute the auditing script and modify files in the repository if approved by the user.
  • Sanitization: The script performs JSON parsing and text reading but does not sanitize the contents of the audited files before they are displayed to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 07:14 PM