vite-expert
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform environment discovery and build validation, executing commands like 'vite --version', 'npm run build', 'find', 'grep', 'lsof', and 'env'. These commands are used appropriately to diagnose configuration issues and verify build outputs within the project directory.
- [EXTERNAL_DOWNLOADS]: The skill references 'npx vite-bundle-analyzer' to perform bundle size analysis. This command downloads and executes a well-known utility from the npm registry, which is standard practice for frontend performance tuning.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and processes external data from project files such as 'package.json', 'vite.config.js', and application source code.
  - Ingestion points: Content is read from the local file system using the 'Read', 'Grep', and 'Glob' tools.
  - Boundary markers: The instructions do not include markers or warnings telling the agent to treat the analyzed code as untrusted data or to ignore embedded instructions within comments or metadata.
  - Capability inventory: The skill has access to powerful tools including 'Bash', 'Edit', and 'MultiEdit', which could be misused if the agent were to follow instructions hidden within project files.
  - Sanitization: No explicit sanitization or content validation is performed on the data ingested from the project files.
Audit Metadata