vite-starter
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by directly interpolating user-provided project names into commands like
pnpm create vite <项目名称>. This behavior allows for potential command injection if the user input is not properly sanitized or escaped. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) where external user input directly influences executable logic.
- Ingestion points: User-provided project names and framework preferences in
SKILL.md. - Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore embedded instructions in the project name.
- Capability inventory: The skill has access to shell commands via
pnpm,npm,yarn,bun, andnpxas defined inSKILL.md. - Sanitization: Absent; no validation or escaping logic is defined to protect against malicious input.
- [EXTERNAL_DOWNLOADS]: The skill suggests fetching project templates from external GitHub repositories using the
tigedutility. While it mentions well-known community repositories, it also allows arbitrary user/repo combinations. - [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of code downloaded from external sources through commands like
pnpm installandpnpm dev. If a community template is compromised, malicious code could be executed during the project setup process.
Audit Metadata