project-blueprint

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute npx vibery list and npx vibery search to dynamically fetch component metadata. This relies on the npm registry to execute the 'vibery' package.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill is designed to generate installation recipes that download third-party agents, MCPs, and hooks from an external ecosystem (Vibery).
  • [DATA_EXPOSURE] (LOW): The skill accesses local project manifest files such as package.json, requirements.txt, go.mod, and Cargo.toml to identify the current development environment. This behavior is necessary for its stated purpose but constitutes file system access.
  • [INDIRECT_PROMPT_INJECTION] (LOW):
      • Ingestion points: Reads content from package.json, requirements.txt, go.mod, and Cargo.toml.
      • Boundary markers: None present; the agent treats the content of these files as factual input for tech stack classification.
      • Capability inventory: Can execute npx shell commands and write configuration files like CLAUDE.md.
      • Sanitization: None; the skill assumes these files are standard package manifests.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:41 PM