Skills
skills/el-feo/ai-context/vitest/Gen Agent Trust Hub

vitest

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in README.md and references/MIGRATION_SCRIPT.md explicitly encourages a dangerous workflow where users download scripts from a remote URL and execute them locally (e.g., curl -o migrate-to-vitest.sh [script-url] && chmod +x migrate-to-vitest.sh && ./migrate-to-vitest.sh). This 'curl | bash' pattern is a significant security risk.
  • [COMMAND_EXECUTION]: The provided migration scripts (scripts/comprehensive-migrate.sh and scripts/quick-migrate.sh) perform several high-impact actions:
  • They execute automated git add and git commit commands, which can lead to accidental exposure of secrets if they are currently uncommitted in the working directory.
  • They perform global package installations (npm install -g @vitest-codemod/jest), which modifies the system environment and often requires elevated privileges.
  • They use node -e to dynamically execute JavaScript code for programmatically editing configuration files (tsconfig.json).
  • They use rm -f to delete existing configuration files without backups (unless manually backed up by the comprehensive script).
  • [EXTERNAL_DOWNLOADS]: The skill is heavily dependent on downloading and executing external code. It recommends running npx @vitest-codemod/jest and the migration scripts automatically install various npm packages.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted project files (test files, configuration files) and prompts the agent to 'fix issues one by one' based on potentially poisoned file content or test outputs.
  • Ingestion points: The scripts and instructions involve reading files in the src/ and test/ directories and processing CLI error logs.
  • Boundary markers: No delimiters or safety instructions are provided to the agent to prevent it from following instructions embedded in the files it analyzes.
  • Capability inventory: The skill possesses extensive capabilities including network operations (npm), file system writes, and shell command execution.
  • Sanitization: No sanitization of the content from the processed files is performed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 02:48 PM