review-deps
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several standard package manager audit utilities, including
npm audit,pip-audit,cargo audit,govulncheck, andcomposer audit, to identify security issues within the project's dependency tree. - [DATA_EXFILTRATION]: Queries the GitHub API via the
ghCLI to retrieve Dependabot alerts. This operation communicates with a well-known service and is restricted to the repository's security metadata. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by processing third-party manifest and lock files (e.g.,
package.json,Cargo.lock) that could contain untrusted data. - Ingestion points: Reads project manifest and lock files during Phase 1 and processes audit tool output in Phase 2.
- Boundary markers: Explicitly defined 'Anti-Hallucination Guidelines' and 'Verification & Quality Check' phases (Phase 6) instruct the agent to ground all findings in actual tool output.
- Capability inventory: Executes system audit commands and dispatches specialized sub-agents for analysis.
- Sanitization: The verification phase mandates that every vulnerability and license finding must be cross-referenced against raw tool output and official advisory identifiers (CVE/GHSA), preventing the agent from being influenced by potentially malicious text in manifest descriptions.
Audit Metadata