Skills
skills/popmechanic/vibes-cli/launch/Gen Agent Trust Hub

launch

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it collects a user-provided application description (appPrompt) and interpolates it directly into the instructions for a sub-agent ('builder') in prompts/builder.md. There are no visible boundary markers or sanitization steps to prevent a malicious user from providing instructions that hijack the sub-agent's behavior.
  • Ingestion points: SKILL.md (Section 0.1)
  • Boundary markers: Absent
  • Capability inventory: The skill and its sub-agents have access to powerful tools including Bash, Write, and Edit.
  • Sanitization: Absent
  • [COMMAND_EXECUTION]: The skill frequently uses the Bash tool to execute local scripts via node and bun. The paths to these scripts are dynamically constructed using the VIBES_ROOT variable, which is derived from environment variables. Furthermore, the assembly process in SKILL.md (Section 2.3) interpolates a JSON string (featuresJSON) directly into a shell command using single quotes. If the user-provided features list contains single quotes or other shell-active characters, it could lead to command injection.
  • [DATA_EXFILTRATION]: The skill interacts with sensitive information by reading and writing to ~/.vibes/.env and ~/.vibes/auth.json. This includes authentication tokens and the OPENROUTER_API_KEY. While this is part of its functional purpose, the handling of credentials in plain text files in the user directory presents a risk of exposure to other processes or agents with file system access.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 10:19 AM