ecosystem
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill performs multiple network requests to
vibeindex.aito retrieve statistics and resource lists. This domain is not on the trusted sources list, but the behavior matches the stated purpose of the skill. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data is ingested from multiple
vibeindex.ai/api/endpoints (stats, resources, rising-stars). - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat the fetched data as untrusted text.
- Capability inventory: The skill is limited to fetching data and presenting a dashboard. No capabilities for file writing, shell execution, or sensitive data access were found.
- Sanitization: Absent. The skill does not include instructions to sanitize or validate the external content before displaying it to the user.
Audit Metadata