Skills
skills/popmechanic/vibes-cli/test/Gen Agent Trust Hub

test

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive credentials, including OpenRouter API keys and OIDC authentication details.
  • Evidence: It reads and writes these keys to ~/.vibes/.env and test-vibes/.env using the Bash tool.
  • Evidence: API keys are passed as command-line arguments to the deployment scripts (e.g., --ai-key <key>).
  • [COMMAND_EXECUTION]: The skill performs several shell operations to assemble, deploy, and verify the application.
  • Evidence: Uses bun to execute local scripts within the project directory, such as assemble.js and deploy-cloudflare.js.
  • Evidence: Utilizes sed and echo to programmatically update configuration files in the user's local environment.
  • Evidence: Employs curl to verify the status of deployed services on Cloudflare Workers.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 07:24 PM