vibe-agents
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs local file operations to generate configuration templates from user-provided documentation. It does not access sensitive system paths, hardcoded credentials, or network resources.
- [SAFE]: No obfuscation, remote code execution patterns, or privilege escalation attempts were detected. The skill operates entirely within the project context provided by the user.
- [PROMPT_INJECTION]: The skill ingests untrusted data from local documents to populate configuration templates. 1. Ingestion points: docs/PRD-.md and docs/TechDesign-.md (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Write access to project files (SKILL.md). 4. Sanitization: Absent. This vulnerability surface is documented as safe given the local-only workflow and the intended purpose of generating developer-managed configuration files.
Audit Metadata