vet

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the 'verify-everything' package using pip, pipx, or uv. It also references the 'imbue-ai/vet' GitHub repository for updates to skill files and scripts.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage the code review process, including searching for session files with 'grep', listing sessions via the 'opencode' CLI, and executing history-loader scripts with 'python3'.
  • [DATA_EXFILTRATION]: To perform its primary function, the tool reads potentially sensitive information including conversation history and git diffs from local directories (e.g., ~/.codex/sessions/ or ~/.claude/projects/). This data is analyzed by the configured LLM to provide code feedback.
  • [PROMPT_INJECTION]: The tool exhibits an indirect prompt injection surface (Category 8) as it ingest untrusted data from git diffs and past conversation sessions. The skill includes guidance for the agent to interpret this data and disregard results that do not pertain to its own changes.
  • Ingestion points: Git diffs and local session files (~/.codex/sessions/, ~/.claude/projects/).
  • Boundary markers: Not explicitly defined in the provided CLI examples.
  • Capability inventory: File system read access and subprocess execution via 'python3'.
  • Sanitization: Not explicitly implemented in the skill's markdown instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 12:17 AM
Security Audit — agent-trust-hub — vet