vibe-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found. The skill uses natural instructional language to guide the user through a workflow.- [DATA_EXFILTRATION]: The skill reads local project files such as research documents and PRDs to track progress. These are project-specific assets and do not include sensitive system files, credentials, or personal data. No network operations were detected.- [REMOTE_CODE_EXECUTION]: There are no commands or patterns associated with downloading or executing remote code or scripts.- [COMMAND_EXECUTION]: The skill does not perform any system-level command execution or subprocess spawning.- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from local files (e.g.,
docs/research-*.txt) to inform its workflow steps. While this is an ingestion point, the skill itself lacks dangerous capabilities (like network access or file writing) that could be exploited via indirect injection. Ingestion points:docs/research-*.txt,docs/PRD-*.md,docs/TechDesign-*.md,AGENTS.md. Boundary markers: None. Capability inventory: None. Sanitization: None.
Audit Metadata