vibe-coding
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWNO_CODE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override system behavior, bypass safety filters, or extract system prompts. The instructions are focused on guiding the user through software prototyping.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations were detected. The skill does not access or transmit any user data.
- Obfuscation (SAFE): No encoded content (Base64), zero-width characters, or homoglyphs were found. The text is clear and readable.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not include any package management files (package.json, requirements.txt) or commands to download/execute remote scripts.
- Indirect Prompt Injection (SAFE): While the skill involves processing user descriptions for software projects, it does not possess any capabilities (like file writing or command execution) that could be exploited via untrusted input. It acts as a conversational guide.
- Privilege Escalation & Persistence (SAFE): No commands related to system permissions, sudo, or persistence mechanisms (cron, startup scripts) are present.
- Metadata & Dynamic Execution (SAFE): No malicious metadata detected. The skill contains no logic for runtime code generation or unsafe deserialization.
Audit Metadata