vibe-coding-advisor

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines tools that execute curl commands to interact with an external API. These commands are strictly scoped to the vendor's domain and are used for data retrieval only.
  • [EXTERNAL_DOWNLOADS]: Enriched prompts and UX principle data are fetched from https://uxuiprinciples.com. As this is the author's official domain, the operation is considered part of the skill's core functionality.
  • [SAFE]: Sensitive information is handled securely using the UXUI_API_KEY environment variable, preventing the exposure of hardcoded credentials.
  • [SAFE]: Evaluation of Indirect Prompt Injection surface:
    • Ingestion points: The skill ingests user component descriptions and data retrieved from the uxuiprinciples.com API.
    • Boundary markers: The output employs --- separators to distinguish between different principle-based context blocks.
    • Capability inventory: The skill's functionality is limited to text generation; it does not possess capabilities to execute code, modify files, or perform unauthorized network operations.
    • Sanitization: While no explicit sanitization is noted, the risk is mitigated by the use of a trusted vendor-controlled data source.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 09:23 AM