dependency-confusion
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill content is educational and focuses on supply-chain security testing methodology.
- [COMMAND_EXECUTION]: Provides standard CLI examples for package managers (npm, pip, gem) to query public metadata as part of reconnaissance.
- [EXTERNAL_DOWNLOADS]: References documentation and tools from trusted security researchers and organizations on GitHub.
- [SAFE]: PoC templates for execution verification use non-functional placeholders and are designed for authorized callback testing, not for data exfiltration or other malicious use.