npm-vulnerability-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches package metadata and vulnerability advisories from the official npm registry (
registry.npmjs.org) to perform its analysis. These operations target a well-known service and are consistent with the skill's stated purpose. - [DATA_EXPOSURE]: In
scripts/package_manager_adapter.js, thegetManagerInfomethod executesnpm config list --json. This command gathers environment configuration which may include paths, local settings, or non-sensitive configuration data. While intended for reporting tool information, agents should be cautious about sharing this output if the environment contains sensitive project-specific configurations. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external sources (npm vulnerability advisories) and renders it into reports, creating an injection surface.
- Ingestion points: Vulnerability titles, descriptions, and URLs are fetched from the npm registry via
npm auditinscripts/scan_version.js. - Boundary markers: No delimiters or safety instructions are used to wrap the ingested external content.
- Capability inventory: The skill has the capability to write files to the local system (
reports/directory) and execute shell commands (npm,pnpm,yarn). - Sanitization: In
assets/visualization_template.html, the client-side JavaScript injects vulnerability titles directly into the DOM usinginnerHTML(e.g.,detailsHtml += ... <td>${vuln.title}</td>). This constitutes a stored Cross-Site Scripting (XSS) vulnerability if an attacker publishes a package with a malicious vulnerability title that is subsequently analyzed by this tool.
Audit Metadata