vibe-security-skill
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as an educational resource, providing guidance on how to identify vulnerabilities like hardcoded secrets and insecure auth patterns. It does not contain executable code or commands that pose a risk to the user's environment.- [EXTERNAL_DOWNLOADS]: The documentation references the skill's own GitHub repository (github.com/raroque/vibe-security-skill) for installation purposes, which is a standard distribution method and matches the author's identity.- [SAFE]: While the skill contains examples of hardcoded credentials (e.g., JWT tokens and API keys), these are explicitly labeled as 'Bad Patterns' for auditing purposes and are not functional or malicious.
Audit Metadata