npm-vulnerability-analysis

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches package metadata and vulnerability advisories from the official npm registry (registry.npmjs.org) to perform its analysis. These operations target a well-known service and are consistent with the skill's stated purpose.
  • [DATA_EXPOSURE]: In scripts/package_manager_adapter.js, the getManagerInfo method executes npm config list --json. This command gathers environment configuration which may include paths, local settings, or non-sensitive configuration data. While intended for reporting tool information, agents should be cautious about sharing this output if the environment contains sensitive project-specific configurations.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external sources (npm vulnerability advisories) and renders it into reports, creating an injection surface.
  • Ingestion points: Vulnerability titles, descriptions, and URLs are fetched from the npm registry via npm audit in scripts/scan_version.js.
  • Boundary markers: No delimiters or safety instructions are used to wrap the ingested external content.
  • Capability inventory: The skill has the capability to write files to the local system (reports/ directory) and execute shell commands (npm, pnpm, yarn).
  • Sanitization: In assets/visualization_template.html, the client-side JavaScript injects vulnerability titles directly into the DOM using innerHTML (e.g., detailsHtml += ... <td>${vuln.title}</td>). This constitutes a stored Cross-Site Scripting (XSS) vulnerability if an attacker publishes a package with a malicious vulnerability title that is subsequently analyzed by this tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 08:20 AM
Security Audit — agent-trust-hub — npm-vulnerability-analysis