audit-prototype

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the nvst command-line utility, specifically nvst write-json and nvst write-technical-debt, to persist audit results and manage technical debt records within the local project environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from product requirement documents (PRD) and progress tracking files to perform its compliance audit. Maliciously crafted requirements could theoretically attempt to influence the agent's evaluation logic.
    • Ingestion points: Reads configuration and requirements from .agents/flow/it_{iteration}_PRD.json and implementation status from .agents/flow/it_{iteration}_progress.json.
    • Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the processed JSON artifacts.
    • Capability inventory: The skill has the capability to write files to the local filesystem and execute the nvst CLI tool.
    • Sanitization: No explicit content validation or sanitization of the requirement data is specified before it is incorporated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 04:49 AM