Skills
skills/rinbarpen/vibe-coding/vibe-coding-toolkit/Gen Agent Trust Hub

vibe-coding-toolkit

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill integrates the skill-seekers tool from an external GitHub repository and promotes the automated scraping of documentation from arbitrary web URLs.
  • [COMMAND_EXECUTION]: The toolkit defines several executable commands including uv sync, uv run, and vibe-check. It explicitly guides agents to use a shell subagent for environment configuration and Git operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting external, untrusted data to build agent skills. * Ingestion points: SKILL.md and standards/development-workflow.md via skill-seekers. * Boundary markers: None identified in instructions. * Capability inventory: Subprocess execution via uv and shell subagent in AGENTS.md and CLAUDE.md. * Sanitization: No sanitization or validation of scraped content is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 02:10 AM