Skills
skills/zephyrwang6/myskill/meridian/Gen Agent Trust Hub

meridian

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download the project source code from the author's GitHub repository (github.com/zephyrwang6/VaultPilot.git).
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage the project environment, including cloning repositories, installing packages via npm install, and running a local development server. It also uses the cat command to read design templates from the local filesystem.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data (local design files) which is then interpolated into code generation tasks.
  • Ingestion points: Reading local reference files via cat in SKILL.md.
  • Boundary markers: Not used.
  • Capability inventory: File system writes to create components and modify project routing, plus full shell command execution for build and run tasks.
  • Sanitization: Not used.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 03:17 PM