ln-820-dependency-optimization-coordinator
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Utilizes local CLI scripts (e.g., `shared/scripts/dependency-runtime/cli.mjs`) to manage the upgrade lifecycle, state checkpoints, and result recording.
- [EXTERNAL_DOWNLOADS]: Contains logic to retrieve missing skill dependencies from the author's official GitHub repository (`levnikolaevich/claude-code-skills`) if local copies are not present.
- [REMOTE_CODE_EXECUTION]: Orchestrates the installation and execution of security scanning tools (e.g., `pip-audit`) and various package managers to perform project-wide upgrades.
- [PROMPT_INJECTION]: The skill processes untrusted project manifests and worker outputs, presenting a potential indirect injection surface. Evidence chain:
  - Ingestion points: Project manifests (e.g., `package.json`, `requirements.txt`, `*.csproj`) and worker JSON summaries are read into context in `SKILL.md` (Phases 1 and 4).
  - Boundary markers: Employs structured JSON envelopes for worker communication and specifies ignoring prose output in favor of machine-readable summaries.
  - Capability inventory: Coordinates shell commands and delegates tasks to external worker skills (`ln-821`, `ln-822`, `ln-823`).
  - Sanitization: Uses structured data formats to minimize risks from free-text interpolation.
Audit Metadata