vibe-save
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from local files and shell command outputs, creating a surface for indirect prompt injection.
  1. Ingestion points: Reads from .agent/context/task.md, vibe/worktrees.json, vibe/registry.json, vibe/tasks//task.json, and git status output.
  2. Boundary markers: Missing explicit instructions to ignore embedded commands within the ingested data.
  3. Capability inventory: Executes shell commands (git, gh, vibe) and writes to local context files.
  4. Sanitization: No content validation or sanitization is performed on the ingested data.
- [COMMAND_EXECUTION]: The skill executes shell commands (git, gh, vibe) to retrieve system state and synchronize task data, including the use of command substitution to resolve git directories.