socket-scan
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the Socket CLI and cdxgen from the npm registry at runtime using npx (e.g., npx socket, npx @cyclonedx/cdxgen). This ensures the latest version is used but involves downloading and executing remote code.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to perform dependency scans and audits. This includes running npx socket, npx @cyclonedx/cdxgen, and native audit tools such as npm audit, pnpm audit, and yarn audit.
- [CREDENTIALS_UNSAFE]: A hardcoded public demo API token (sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api) is provided in the instructions and setup steps. While this is a vendor-supplied demo token for unauthenticated access, hardcoding credentials in skill files is generally discouraged.
- [DATA_EXFILTRATION]: Project dependency information is uploaded to the Socket vendor dashboard (socket.dev) when the skill is run in persistent mode (npx socket scan create .). Temporary mode (--tmp) returns results locally, but the persistent mode is a documented feature for authenticated users.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted project manifest files (e.g., package.json, requirements.txt) using external tools.
  - Ingestion points: Project manifest and lock files (automatically detected by socket and cdxgen in the target directory).
  - Boundary markers: None detected; the skill does not use specific delimiters to separate untrusted file content from instructions.
  - Capability inventory: The skill can execute shell commands via npx and read/write files (e.g., creating bom.json).
  - Sanitization: No explicit sanitization or validation of the manifest file contents is performed before processing.
Audit Metadata