skills/wenjunduan/rlues/vibe-init/Gen Agent Trust Hub

vibe-init

Fail

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs broad filesystem scanning, reading configuration files such as package.json, pyproject.toml, Cargo.toml, and go.mod to detect the project's technology stack.
  • [EXTERNAL_DOWNLOADS]: The skill references an external repository or directory (riper-pace/templates/) as the source for all project templates used during initialization. This source is not verified or trusted.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically generates a shell script (.ai_state/init.sh) that includes commands derived from the external templates. It then automatically grants execution permissions (chmod +x) and runs the script using bash. This pattern allows for the execution of arbitrary code if the external templates are compromised or malicious.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 2, 2026, 10:37 PM