skills/unlearndev/skills/warm/Gen Agent Trust Hub

warm

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external, potentially untrusted sources (project manifest files like package.json or requirements.txt).
  • Ingestion points: The skill reads dependency names and versions from manifest files using git diff and cat across multiple ecosystems (JS, Python, PHP, etc.).
  • Boundary markers: There are no clear boundary markers or instructions to the agent to treat extracted strings as untrusted data when interpolating them into subsequent tool calls.
  • Capability inventory: The skill has access to powerful tools including Bash (git, npm, composer, pip-audit), WebFetch, and WebSearch.
  • Sanitization: The instructions do not specify any validation or sanitization of the package names or versions before they are used as arguments for CLI tools or web searches.
  • [COMMAND_EXECUTION]: The skill requests broad shell access to utilities such as git, npm, composer, pip-audit, find, ls, and grep. This access is necessary for its primary purpose of auditing the local repository, but it provides a wide execution surface.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to perform network operations using WebFetch and WebSearch to query public registries (e.g., npm) and security advisory databases for dependency metadata and CVEs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 01:35 PM
Security Audit — agent-trust-hub — warm