Skills
skills/vibeeval/vibecosystem/reputation-patterns/Gen Agent Trust Hub

reputation-patterns

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script located at ~/.claude/hooks/dist/canavar-cli.mjs using Node.js to display a leaderboard.- [DATA_EXFILTRATION]: The skill accesses and reads data from hidden local files including ~/.claude/canavar/skill-matrix.json and ~/.claude/canavar/error-ledger.jsonl to extract agent performance metrics.- [INDIRECT_PROMPT_INJECTION]: The skill processes data from the error-ledger.jsonl file which may contain untrusted external data such as failure patterns or error logs.
  • Ingestion points: ~/.claude/canavar/error-ledger.jsonl and ~/.claude/canavar/skill-matrix.json.
  • Boundary markers: None identified in the provided instructions.
  • Capability inventory: Executes local shell commands (cat, jq, node).
  • Sanitization: No explicit sanitization or validation of the ingested file content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 10:39 PM
Security Audit — agent-trust-hub — reputation-patterns