Skills
skills/meta-quest/agentic-tools/hz-vrc-check/Gen Agent Trust Hub

hz-vrc-check

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to download and run the @meta-quest/hzdb utility from the npm registry. This is an official developer tool provided by the vendor for on-device testing and debugging purposes.
  • [COMMAND_EXECUTION]: The skill executes various command-line utilities, including grep, aapt, apksigner, and hzdb, to audit application source code, manifests, and binaries to ensure they meet the platform's publishing standards.
  • [SAFE]: The skill identifies an attack surface for indirect prompt injection as it processes untrusted application data such as APKs and source code. 1. Ingestion points: File auditing via aapt and grep (SKILL.md). 2. Boundary markers: Absent in the provided command examples. 3. Capability inventory: Shell command execution (all files). 4. Sanitization: No specific sanitization logic is provided in the instructions. Since the skill is intended for developer audits using standard platform tools, this represents standard operational behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 05:21 PM
Security Audit — agent-trust-hub — hz-vrc-check