vibe-code-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-provided source code which introduces a surface for indirect prompt injection.
- Ingestion points: Source code or files provided by the user in the conversation as per the 'Task-Specific Inputs' section.
- Boundary markers: None identified in the prompt template to separate user-provided code from the agent's instructions.
- Capability inventory: The skill is restricted to generating a text-based audit report and does not have network, file-system, or subprocess execution capabilities.
- Sanitization: No input sanitization or validation of the provided code content is implemented.
- [NO_CODE]: The skill consists entirely of natural language instructions in a Markdown file and does not include any executable scripts, binaries, or package dependencies.
Audit Metadata