skills/aiden0z/skills/vibe-deck/Gen Agent Trust Hub

vibe-deck

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to scaffold project files and manage the development environment. Evidence: SKILL.md contains instructions for cp -r, git init, npm install, and npm run dev.
  • [EXTERNAL_DOWNLOADS]: The skill downloads project dependencies from the public npm registry, which is a well-known service. Evidence: template/package.json lists several third-party libraries like echarts, framer-motion, and xlsx which are installed during the setup phase.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external spreadsheet data.
      • Ingestion points: User-provided Excel files are read by the template/scripts/extract-xlsx.js script.
      • Boundary markers: The current data extraction workflow lacks explicit delimiters or instructions to ignore embedded natural language commands within the processed data.
      • Capability inventory: The agent has permissions to perform filesystem writes and execute shell commands related to building and running the project.
      • Sanitization: While data is structured into JSON, there is no content-based filtering to prevent malicious instructions embedded within spreadsheet cells from influencing the agent's logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 02:40 AM