vibe-build
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by relying on external data to drive its behavior.
  - Ingestion points: The agent reads the master plan from AGENTS.md and detailed specifications from agent_docs/ and docs/ PRD/TechDesign files.
  - Boundary markers: The skill lacks explicit delimiters or instructions to distinguish between trusted system instructions and potentially untrusted project documentation.
  - Capability inventory: The skill has broad capabilities including file system modification (implementing features) and command-line execution (npm test, npm run lint, npm install).
  - Sanitization: No validation or sanitization is performed on the content read from external markdown files before it influences agent actions.
- [COMMAND_EXECUTION]: The workflow requires the agent to run various shell commands to verify the build and resolve errors.
  - Specific commands mentioned include npm test and npm run lint.
  - The skill suggests the agent can install new dependencies (e.g., npm install @supabase/auth-helpers-nextjs) if a build error is encountered. While these are standard developer tools, they are triggered by the contents of the AGENTS.md file, which is an untrusted ingestion point.