
sync-vision

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/collect-vision-diff.mjs executes git commands using Node.js spawnSync. While parameters are primarily derived from the repository state, user-supplied arguments like --base and --target are passed to the script, which in turn passes them to git.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted data from git diffs and repository files to influence modifications to the critical VISION.md file, creating an indirect prompt injection surface.
      • Ingestion points: The script scripts/collect-vision-diff.mjs reads file contents and git diff output to identify candidate lines for the project vision.
      • Boundary markers: The script structures output into TSV and Markdown files, but lacks explicit instructions or markers to prevent the agent from obeying malicious instructions embedded within the processed text.
      • Capability inventory: The agent is explicitly instructed to patch the VISION.md file and route instructions to other project components (skills, research docs, etc.) based on its analysis of this data.
      • Sanitization: Although candidate lines are truncated to 500 characters, no formal sanitization or escaping of the extracted text is performed before it is presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 22, 2026, 10:53 PM