vvvv-debugging
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local PowerShell commands to search for the vvvv installation directory via the Windows Registry and the Program Files directory. This is standard behavior for development tools seeking to integrate with existing software.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads metadata from workspace files (such as .csproj and .vl files) to automatically populate generated configuration files.
- Ingestion points: Workspace scanning of .csproj, .sln, .vl, and package folders.
- Boundary markers: Not present.
- Capability inventory: Generation of .vscode/launch.json and .vscode/tasks.json which execute local binaries.
- Sanitization: Not present.
- [COMMAND_EXECUTION]: The skill generates build tasks that execute dotnet build or MSBuild.exe. These are standard development tools and the execution is confined to the user's local build environment.
Audit Metadata