npm-namer
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a bundled Node.js script (
check.mjs) for name permutation and availability checks. It also includes a maintenance script (refresh-popular-names.mjs) that utilizesexecSyncto runnpmcommands. - [EXTERNAL_DOWNLOADS]: The
refresh-popular-names.mjsscript performs an external download of thedownload-countspackage from the official npm registry. This is documented as a necessary step for updating the popular names database used for typosquatting detection. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it interpolates untrusted user input (seeds and package names) directly into shell command arguments.
- Ingestion points: Untrusted data enters the context via the
$ARGUMENTSfield inSKILL.md. - Boundary markers: There are no explicit boundary markers or instructions to escape special characters in the command templates.
- Capability inventory: The skill performs network requests (registry checks), executes shell commands (
node,execSync), and performs file system operations (writeFileSync,rmSync) as described inSKILL.mdandrefresh-popular-names.mjs. - Sanitization: The instructions do not specify any sanitization, validation, or escaping of the user-supplied strings before they are used in a shell context.
Audit Metadata