security-vite
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill includes a local bash script
scripts/scan.shdesigned to audit project files. It uses standard system tools (grep,find,ripgrep) to search for security patterns. - The script operates entirely on the local file system and does not perform network operations or require elevated privileges.
- [DATA_EXPOSURE] (SAFE): While the skill instructions and script reference sensitive patterns (e.g., API key formats like
AKIAorsk_live), these are used as search terms for detection rather than being hardcoded credentials or data exfiltration attempts. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted project data (e.g.,
.envfiles and source code) and presents the findings to the agent. This creates a surface where malicious content in a scanned file could attempt to influence the agent's summary of the scan. However, the skill provides clear rules and a structured checklist to guide the agent's interpretation, minimizing this risk.
Audit Metadata