help
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Bash scripts to iterate over the .claude/skills and .claude/agents directories, using grep to extract metadata fields for discovery purposes.
- [COMMAND_EXECUTION]: It invokes a local Python-based utility (recall_learnings.py) via 'uv run' to provide memory search functionality for the user.
- [COMMAND_EXECUTION]: The documentation provides examples for using various CLI tools such as tldr and Godel-Prover for structural analysis and formal verification.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it reads and displays content from workspace configuration files.
  1. Ingestion points: .claude/skills/ and .claude/agents/ markdown files.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Read, Glob, Grep.
  4. Sanitization: Metadata discovery is filtered via grep, but full file content is rendered during specific deep-dive lookups.