veltra-vite
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to read and process untrusted data from the local project environment, such as configuration files and directory structures.\n
- Ingestion points: Project files including package.json, vite.config.ts, and node_modules contents accessed in references/source-discovery.md and references/troubleshooting.md.\n
- Boundary markers: Absent; there are no specific instructions or delimiters provided to the agent to prevent it from obeying instructions embedded within the analyzed files.\n
- Capability inventory: The skill utilizes shell search commands (ripgrep) and has the capability to read any file within the project directory.\n
- Sanitization: No content validation or sanitization routines are described for handling the ingested project data.
Audit Metadata