skills/popmechanic/vibes-cli/launch/Gen Agent Trust Hub

launch

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM | CREDENTIALS_UNSAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive authentication and configuration files at ~/.vibes/auth.json and ~/.vibes/.env to manage deployment tokens and API keys.
  • [CREDENTIALS_UNSAFE]: The OPENROUTER_API_KEY is passed as a command-line argument (--ai-key) to the deploy-cloudflare.js script, which can expose the secret to other users or processes on the system.
  • [COMMAND_EXECUTION]: The skill executes dynamic JavaScript code blocks using bun -e and runs various local scripts for server hosting, code assembly, and deployment.
  • [PROMPT_INJECTION]: A potential command injection vulnerability exists where the skill instructs the agent to interpolate user-provided prompts directly into shell commands (e.g., bun ... --prompt "USER_PROMPT_HERE") without sanitization.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified:
      • Ingestion points: User input appPrompt is collected via AskUserQuestion in SKILL.md and passed to a sub-agent.
      • Boundary markers: Absent; the user input is directly interpolated into the prompts/builder.md template.
      • Capability inventory: The builder sub-agent is granted broad tool access including Read, Write, Edit, and Bash to perform its generation tasks.
      • Sanitization: No validation or escaping is performed on the appPrompt before it is processed by the sub-agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 29, 2026, 07:25 PM