vibe-dev-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions focus on methodology and code quality standards. There are no patterns suggesting attempts to bypass safety filters or disregard prior constraints.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were identified. The skill defines a standard local project structure but does not include commands to send data externally.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No remote script downloads (curl|bash) or package installations are triggered by this skill. It mentions standard files like `requirements.txt` as part of a project template but does not execute them.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process user-provided project requirements which could theoretically contain malicious instructions.
  - Ingestion points: User-provided requirement descriptions in 'Mode 1'.
  - Boundary markers: Not explicitly defined in the provided markdown.
  - Capability inventory: Code generation, refactoring, and file structure organization.
  - Sanitization: Not explicitly mentioned; relies on the underlying LLM's default sanitization.
- Dynamic Execution (SAFE): No use of `eval()`, `exec()`, or runtime compilation of generated code is present in the skill definition.
Audit Metadata