Skills
skills/uinaf/skills/viteplus/Gen Agent Trust Hub

viteplus

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions to read and incorporate guidance from local repository files, creating a surface for indirect prompt injection.
  • Ingestion points: Workflow Step 2 in SKILL.md and references/bootstrap.md (Steps 3 and 5) direct the agent to inspect AGENTS.md, CLAUDE.md, or other local rules files.
  • Boundary markers: The instructions do not specify boundary markers or provide warnings to disregard instructions embedded within these external files.
  • Capability inventory: The skill allows the agent to modify critical repository configuration files (e.g., package.json, CI workflows) and execute vp toolchain commands.
  • Sanitization: There is no mention of sanitizing or validating the contents of the guidance files before the agent follows their instructions.
  • [EXTERNAL_DOWNLOADS]: The skill references and integrates an external GitHub Action for CI/CD setup.
  • Evidence: SKILL.md and references/ci-cd.md recommend using voidzero-dev/setup-vp@v1 for automating environment setup and caching.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the vp CLI tool for various operations including environment setup, package installation, and upgrading the tool itself.
  • Evidence: Various files (e.g., SKILL.md, references/commands.md) use commands such as vp install, vp check, vp test, vp upgrade, and vp update to perform migration and validation tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 10:54 PM