vibe-security-skill
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a security documentation and review toolkit. All analyzed content serves the purpose of educating on and improving application security.
- [COMMAND_EXECUTION]: Static detectors flagged potentially destructive shell commands (e.g., rm -rf /) in references/file-upload-security.md. These are manually verified as educational examples of filename injection attacks used to teach defensive programming, not instructions for agent execution.
- [EXTERNAL_DOWNLOADS]: The documentation references well-known services and security tools, such as Stripe, AWS, and Mozilla Observatory. These references target reputable sources and are appropriate for a security-focused skill.
Audit Metadata