vibelink-push
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill archives and transmits the contents of the current working directory to
vibelink.tousingcurl. While it attempts to exclude.envfiles, any other sensitive data or hardcoded credentials within the project files are exfiltrated to a non-whitelisted external domain. - [COMMAND_EXECUTION] (MEDIUM): The skill executes arbitrary commands found in
package.jsonscripts to start a development server and capture screenshots. A malicious repository could contain harmful shell commands in thedevorstartscripts which would be executed with the user's privileges. - [CREDENTIALS_UNSAFE] (LOW): The skill manages and stores persistent 'author tokens' in plain text within the
~/.vibelink-tokens/directory. While used for legitimate service authentication, these are locally stored secrets managed by the skill. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface: The skill ingests untrusted content from
package.jsonandREADME.md(Ingestion Points) and uses this data to influence agent behavior without boundary markers or sanitization. This is particularly risky given the skill's capabilities (Capability Inventory) to execute shell commands and perform network uploads.
Audit Metadata