skills/topvibecoder/eval/1-min-eval/Gen Agent Trust Hub

1-min-eval

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill documentation states that it "automatically submits to TopVibeCoder ranking API". Crucially, it admits that the API uses "browser-like headers to bypass Cloudflare protection," which is a strong indicator of evasive behavior designed to circumvent network security controls. This creates a high-risk channel for exfiltrating sensitive project details, source code summaries, or proprietary metrics to an unverified third-party service.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Category 8: Indirect Prompt Injection.
      • Ingestion points: The scripts/scan_codebase.py script recursively reads all text-based files in the target directory (e.g., .js, .py, .ts).
      • Boundary markers: It wraps the extracted code in <code="path">...</code> tags within the templates/eval_prompt.md template. However, it does not escape the content, allowing a malicious actor to include </code> followed by instructions to override the evaluation rubric.
      • Capability inventory: The aggregated data is processed by the claude CLI and then formatted by aggregate.py into a report.
      • Sanitization: No sanitization, filtering, or escaping of the ingested source code is performed before it is interpolated into the final prompt sent to the LLM.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:32 PM