Skills
skills/sickn33/antigravity-awesome-skills/vibers-code-review/Gen Agent Trust Hub

vibers-code-review

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs users to include authentication credentials (email/password) in the body of Git commit messages for testing purposes, which exposes secrets in the repository's permanent history.
  • [DATA_EXFILTRATION]: Setup requires adding an external GitHub user marsiandeployer as a collaborator, granting complete access to the repository's source code and configuration to an external party.
  • [DATA_EXFILTRATION]: The skill provides a mechanism to send repository metadata and messages to an external endpoint (vibers.onout.org) via a feedback command.
  • [EXTERNAL_DOWNLOADS]: The workflow relies on a third-party GitHub Action marsiandeployer/vibers-action@v1 which executes external code within the user's continuous integration environment.
  • [COMMAND_EXECUTION]: The documentation includes a pre-formatted curl command that sends repository data and user-provided messages to an external server.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 20, 2026, 04:05 PM