ln-644-dependency-graph-auditor
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted project documentation and source code to perform its audit. This ingestion creates a vulnerability surface for indirect prompt injection.
  * Ingestion points: project configuration files and source code read in SKILL.md Phases 1 and 2.
  * Boundary markers: None identified.
  * Capability inventory: Access to Bash, Read, and Write tools, as well as multiple MCP tools for graph and line analysis.
  * Sanitization: External content is not sanitized before processing.
- [COMMAND_EXECUTION]: The helper script references/agents/agent_runner.mjs uses node:child_process to spawn sub-agents for specialized analysis. It executes local commands based on a configuration registry and agent-derived prompts, representing a significant capability for local process execution.
Audit Metadata