dependency-architecture
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references evaluation and documentation artifacts hosted on the author's public GitHub repository (github.com/jacob-balslev/skill-graph). These references are used for metadata and evaluation purposes and do not involve the download or execution of untrusted scripts.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and analyze untrusted external data such as package.json, go.mod, and other dependency manifests. An attacker could embed malicious instructions in these files to attempt to influence the agent's reasoning. 1. Ingestion points: Dependency manifest files and lockfiles in the target repository's root. 2. Boundary markers: The instructions do not define clear delimiters or warnings to the agent regarding the untrusted nature of audited project files. 3. Capability inventory: The execution environment is restricted to Read and Grep tools, which significantly mitigates the risk of remote code execution or system modification via injection. 4. Sanitization: No explicit content sanitization or validation logic is defined for the analyzed dependency data.
- [COMMAND_EXECUTION]: The instructional content suggests the use of standard development tools such as npm, pnpm, cargo, and pipdeptree to inspect project dependencies. These are routine operations for the skill's stated purpose of dependency auditing.
Audit Metadata