convert-to-vite
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions and operations were analyzed across all ten threat categories, and no security issues or malicious patterns were found.
- [COMMAND_EXECUTION]: The skill requires running standard development commands such as
npx viteandnpx vite build. These are well-known commands used for building and serving web applications and are appropriate for the skill's stated purpose. - [EXTERNAL_DOWNLOADS]: The skill specifies the installation of
viteas a development dependency. Vite is a trusted and widely-used open-source build tool from the official npm registry. - [PROMPT_INJECTION]: The skill processes external data (user game files) which presents a potential surface for indirect prompt injection.
- Ingestion points: Reads content from existing
index.htmland script files in the game directory. - Boundary markers: Not explicitly defined; the agent processes code directly from source files.
- Capability inventory: File system write operations to reorganize the project and subprocess execution via
npxfor verification. - Sanitization: No explicit sanitization of extracted code is mentioned, which is standard for local development tools designed to refactor existing user code.
Audit Metadata