vibe-deck
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to verify the environment (node, npm), scaffold the project (cp, git init), and manage the development lifecycle (npm install, npm run dev).
- [EXTERNAL_DOWNLOADS]: The project template includes a package.json file that triggers the download of standard, well-known dependencies from the public NPM registry during the initialization phase.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface through its data extraction workflow which processes user-provided Excel files.
  - Ingestion points: The script template/scripts/extract-xlsx.js is designed to read and parse external .xlsx files into JSON data for the presentation.
  - Boundary markers: The instructions lack explicit delimiters or 'ignore' directives to prevent the agent from interpreting text content within the Excel files as malicious instructions.
  - Capability inventory: The agent has the capability to write files to the project directory and execute shell commands, which could be abused if malicious instructions are processed.
  - Sanitization: No specific sanitization or validation logic is present to filter or escape the content extracted from external data sources before it is used by the agent.
Audit Metadata