vibecode-saas-app
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses explicit role-play and behavioral directives (e.g., 'You are the SaaS Architect', 'You DO NOT wait for orders', 'PROCEED IMMEDIATELY') to override default agent behaviors. While functional for the application's design purpose, these techniques are standard markers for behavioral manipulation.
- [COMMAND_EXECUTION]: In the 'CODER PACK' section, the agent is instructed to generate file paths and provide shell commands to the user (e.g., 'npm install', 'npm run dev'). This facilitates the generation of executable instructions based on AI output.
- [DATA_EXFILTRATION]: Detailed analysis of Category 8 (Indirect Prompt Injection) surface:
- Ingestion points: Untrusted data enters the agent context through 'Step 2: CONTEXT', where users provide business problems, target user descriptions, and feature requirements.
- Boundary markers: The skill uses template-style placeholders (e.g., '[App Name]', '[Problem]') for interpolation, which provides limited isolation between system instructions and user-provided data.
- Capability inventory: The agent has the capability to generate a full codebase structure and suggest command-line execution steps based on the provided context.
- Sanitization: No explicit sanitization or validation logic is defined to inspect user context for malicious instructions before it is used to generate the final 'BLUEPRINT' or 'CODER PACK'.
Audit Metadata