npm-downloads-to-leads

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python shell blocks and a local script (scripts/fetch.py) to process data and calculate growth metrics. This is the intended behavior for lead generation and scoring.
  • [EXTERNAL_DOWNLOADS]: The skill fetches package metadata and download counts from official, well-known services (api.npmjs.org and api.github.com). These network operations are necessary for the skill's primary function and do not involve downloading executable code from untrusted sources.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the npm registry (package descriptions) and GitHub (user bios) to generate outreach messages. This is a common attack surface for indirect injection, though the risk is minimized by the skill's specific purpose of generating passive text for human review.
      • Ingestion points: Maintainer bios and package descriptions are fetched via API in scripts/fetch.py and processed in Step 6 of SKILL.md.
      • Boundary markers: None explicitly used to wrap external content during the generation of the lead brief.
      • Capability inventory: The skill has the ability to execute Python code, write files to the local docs/ directory, and perform network requests to npm and GitHub.
      • Sanitization: A self-QA step (Step 7) is implemented to filter forbidden words and verify data consistency before output.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 05:52 PM