refine
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing additional skills using 'npx skills add' from Vercel Labs, which is a trusted organization, and from the author's own repository. These references are standard for the ecosystem and are considered safe.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it audits external codebase data.
- Ingestion points: Reads project configuration files such as package.json and tsconfig.json, along with application source code, to perform audits (README.md, SKILL.md).
- Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions when reading file contents (SKILL.md).
- Capability inventory: The agent uses its capabilities to read files and invoke other installed skills based on the analysis of the codebase (SKILL.md).
- Sanitization: There are no explicit validation or sanitization steps mentioned for the content of the files being audited.
Audit Metadata