Skills
skills/khazp/vibe-coding-prompt-template/vibe-research/Gen Agent Trust Hub

vibe-research

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the web using WebSearch and WebFetch tools to generate research reports.
  • Ingestion points: External data retrieved via WebSearch and WebFetch tools in the 'Generate Research Prompt' step.
  • Boundary markers: Absent. The prompt instructions do not use delimiters or provide 'ignore embedded instructions' warnings for the data retrieved from external sources.
  • Capability inventory: The skill has access to Write, Read, Glob, Grep, WebSearch, and WebFetch tools. It lacks arbitrary command execution or remote code execution capabilities.
  • Sanitization: Absent. There is no evidence of validation or filtering of the retrieved web content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 05:55 AM