reviewing-vitest-config
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (INFO): The skill ingests untrusted data from local Vitest configuration and test files. This creates a surface for indirect prompt injection, but the risk is negligible as the skill's capabilities are restricted to reading and reporting. It lacks write, network, or arbitrary execution permissions.
- [Command Execution] (INFO): The skill employs standard file system tools such as Glob and Grep for static analysis. These are used in a limited, non-executable context to find specific configuration patterns and do not present a risk of arbitrary command injection.
Audit Metadata