resolve-cve
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads dependency management files (
pyproject.toml,uv.lock) to verify if the project is affected by a specific CVE. This is a standard and safe operation required for vulnerability assessment. - [EXTERNAL_DOWNLOADS]: The skill performs searches on the National Vulnerability Database (NVD) via WebSearch to retrieve CVSS scores. This utilizes a well-known and trusted security service to fulfill the skill's primary purpose.
- [COMMAND_EXECUTION]: The skill executes local verification commands such as
make verify,make check-types, andmake test-unit. These are routine development practices used to ensure that code changes or dependency updates do not break the application. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from Jira issue summaries and descriptions. While this provides a theoretical surface for indirect prompt injection, the skill includes a mandatory 'GATE' instruction that prohibits the agent from proceeding with any modifications or Jira transitions without explicit user acknowledgment and confirmation.
Audit Metadata