vibe-coding
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill facilitates a vibe coding loop that involves generating, writing, and executing code at runtime. Although this is the primary purpose, it presents an execution surface. Safety measures include confirmation gates and small, verifiable code diffs.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection as it ingests untrusted user ideas and external design context. Evidence: 1. Ingestion points: Intake questions and project context files. 2. Boundary markers: Present in templates via delimited placeholders. 3. Capability inventory: Subprocess calls and file writing across all scripts. 4. Sanitization: Absent. Findings are restricted to LOW per policy for this category.
Audit Metadata