dependency-audit
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the gh-manager CLI tool to fetch dependency graphs, list Dependabot PRs, and perform pull request merges.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from external sources such as package names and pull request titles.
  - Ingestion points: Output from gh-manager deps graph and gh-manager deps dependabot-prs (SKILL.md) containing external package metadata.
  - Boundary markers: Absent; the instructions do not use delimiters to isolate external content from internal logic.
  - Capability inventory: The skill can perform write operations via gh-manager prs merge (SKILL.md) to modify the repository state.
  - Sanitization: Absent; external data is presented and processed without explicit validation or escaping.

Note: The risk of automated exploitation is significantly mitigated by a mandatory human-in-the-loop approval step (AskUserQuestion) required before any merges are finalized.
Audit Metadata