validate-agent

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script, "scripts/braintrust_analyze.py", via "uv run". It interpolates the "" variable directly into the shell command, which creates a risk of command injection if that path is attacker-controlled.
  • [PROMPT_INJECTION]: The agent processes untrusted data from technical plans and then uses its capabilities to perform web searches and local script execution, so instructions embedded in a plan could steer those actions.
  • Ingestion points: Technical plan content and file paths provided at runtime in Step 1 and Step 2.
  • Boundary markers: None specified in the instructions to distinguish untrusted plan content from agent instructions.
  • Capability inventory: Shell command execution via "uv run", web search via "WebSearch", and file writing to a handoff directory.
  • Sanitization: No explicit sanitization steps are defined for the plan content or the plan path before they are used in downstream tools or commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 07:46 AM
Security Audit — agent-trust-hub — validate-agent