repoprompt

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes the Bash tool to execute the rp-cli utility for core functions including codebase mapping (structure), file searching, and reading specific line ranges.
  • [COMMAND_EXECUTION]: Invokes local Python scripts via uv run python -m runtime.harness scripts/repoprompt_async.py to manage asynchronous operations like long-running context builds.
  • [DATA_EXFILTRATION]: Provides the ability to export compiled codebase context and selection metadata to local files (e.g., using redirection to ~/exports/). It also includes a chat command that transmits queries to RepoPrompt's external AI models.
  • [PROMPT_INJECTION]: Presents a surface for indirect prompt injection by ingesting and processing content from external codebases that may contain adversarial instructions.
  • Ingestion points: Data enters the agent context through the read, search, and structure commands in SKILL.md.
  • Boundary markers: The instructions do not define specific delimiters or "ignore" instructions for the ingested code content.
  • Capability inventory: The skill is configured with access to Bash and Read tools.
  • Sanitization: No explicit sanitization or filtering of codebase content is mentioned before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 09:04 AM
Security Audit — agent-trust-hub — repoprompt