vvvv-editor-extensions
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No attempts to override agent behavior, bypass safety filters, or extract system prompts were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive files, include hardcoded credentials, or perform network operations.
- [Unverifiable Dependencies] (SAFE): The skill references standard NuGet packages (VL.HDE, VL.Lang) required for vvvv development. It does not contain commands to download or execute third-party scripts at runtime.
- [Persistence Mechanisms] (SAFE): While the documentation mentions that .HDE.vl files run automatically when open in the editor, this is a native feature of the vvvv gamma environment for development tools and is not a malicious persistence technique introduced by the skill.
- [Indirect Prompt Injection] (SAFE): The skill mentions APIs (VL.Lang Session nodes) that can read editor state like node names. While this represents a data ingestion surface, the skill is documentation-only and does not provide logic to process this data in an unsafe manner.
- [NO_CODE] (SAFE): No scripts (.py, .js, .sh) or binaries are included with this skill; it consists entirely of markdown instructions.
Audit Metadata