warm
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external, potentially untrusted sources (project manifest files like
package.jsonorrequirements.txt). - Ingestion points: The skill reads dependency names and versions from manifest files using
git diffandcatacross multiple ecosystems (JS, Python, PHP, etc.). - Boundary markers: There are no clear boundary markers or instructions to the agent to treat extracted strings as untrusted data when interpolating them into subsequent tool calls.
- Capability inventory: The skill has access to powerful tools including
Bash(git, npm, composer, pip-audit),WebFetch, andWebSearch. - Sanitization: The instructions do not specify any validation or sanitization of the package names or versions before they are used as arguments for CLI tools or web searches.
- [COMMAND_EXECUTION]: The skill requests broad shell access to utilities such as
git,npm,composer,pip-audit,find,ls, andgrep. This access is necessary for its primary purpose of auditing the local repository, but it provides a wide execution surface. - [EXTERNAL_DOWNLOADS]: The skill is designed to perform network operations using
WebFetchandWebSearchto query public registries (e.g., npm) and security advisory databases for dependency metadata and CVEs.
Audit Metadata