vibe-code-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is composed of purely instructional prompts and heuristic tables for code analysis. It does not require or request tools for file system access, network communication, or code execution.
- [PROMPT_INJECTION]: The skill is designed to analyze user-provided code, creating a surface for indirect prompt injection where malicious code could attempt to influence the agent's audit report.
  - Ingestion points: Source code snippets and files provided by the user (SKILL.md).
  - Boundary markers: Absent; the instructions do not specify markers to isolate untrusted code from instructions.
  - Capability inventory: The agent is restricted to generating text analysis and code recommendations; no execution tools are defined.
  - Sanitization: None; the skill does not perform validation on the input source code.