agentaudit 3.9.7 → 3.9.8
- package/index.mjs +17 -15
- package/package.json +1 -1
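--- a/package/index.mjs
+++ b/package/index.mjs
@@ -563,29 +563,31 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 const version = data.latest_known_version || null;
 const isOutdated = data.is_outdated;
 
-
-summary
-
-
-summary += `**Last Audited:** ${auditedAt}\n`;
-if (version) summary += `**Audited Version:** ${version}\n`;
-if (isOutdated) summary += `**⚠️ OUTDATED:** The package has been updated since the last audit!\n`;
-if (data.source_url) summary += `**Source:** ${data.source_url}\n`;
-summary += `**Registry:** ${REGISTRY_URL}/skills/${package_name}\n\n`;
-
-// Agent instructions based on risk level
+// Build response with risk assessment FIRST so the agent sees it immediately
+let summary = '';
+
+// Risk assessment at the very top — this is what the agent needs to act on
 if (typeof risk === 'number' && risk >= 40) {
-summary +=
+summary += `🚨 UNSAFE — DO NOT INSTALL WITHOUT WARNING THE USER!\nRisk Score: ${risk}/100 | ${findings} finding(s)\n\nYou MUST tell the user: "${package_name}" has been flagged as HIGH RISK in a security audit. It has ${findings} security finding(s) and a risk score of ${risk}/100. Installing this package is NOT recommended. Ask the user if they want to proceed despite the risk, and link them to the full report: ${REGISTRY_URL}/skills/${package_name}\n\n`;
 } else if (typeof risk === 'number' && risk >= 20) {
-summary +=
+summary += `⚠️ MODERATE RISK — Inform the user before installing.\nRisk Score: ${risk}/100 | ${findings} finding(s)\n\nTell the user: "${package_name}" has some security findings (risk ${risk}/100). Recommend they review the report before installing: ${REGISTRY_URL}/skills/${package_name}\n\n`;
 } else if (typeof risk === 'number') {
-summary +=
+summary += `✅ LOW RISK — Safe to install.\nRisk Score: ${risk}/100 | ${findings} finding(s)\n\nThis package has been audited and appears safe. You can proceed with installation.\n\n`;
 }
 
 if (isOutdated) {
-summary +=
+summary += `⚠️ OUTDATED: The package has changed since the last audit. Consider running a fresh audit first.\n\n`;
 }
 
+// Details section
+summary += `--- Details ---\n`;
+summary += `Package: ${package_name}\n`;
+summary += `Status: ${official}\n`;
+summary += `Last Audited: ${auditedAt}\n`;
+if (version) summary += `Audited Version: ${version}\n`;
+if (data.source_url) summary += `Source: ${data.source_url}\n`;
+summary += `Registry: ${REGISTRY_URL}/skills/${package_name}\n`;
+
 return { content: [{ type: 'text', text: summary }] };
 } catch (err) {
 return { content: [{ type: 'text', text: `Registry lookup failed: ${err.message}` }] };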
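Review bot: The low-risk branch (new line 575) tells the agent `Safe to install` and `You can proceed with installation` even when `isOutdated` is true, so the go-ahead covers a version that was never audited and the OUTDATED notice only follows it. Gate the go-ahead on freshness, e.g. `} else if (typeof risk === 'number' && !isOutdated) {`, and let the outdated low-score case report the score for the audited `version` without an install recommendation. When `risk` is not a number no assessment line is emitted at all, so the agent receives only the details block; an explicit line saying no risk score is available and the package should be treated as unaudited would avoid a silent pass. `package_name`, `data.source_url` and `version` are interpolated into text the agent is instructed to act on; their origin is outside the hunk, but if any of them is registry- or request-controlled, stripping line breaks before interpolation keeps a value from reading as an additional instruction. The request handler starts and ends outside the hunk.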