vitron-ai/alethia
Agent-native E2E runtime with verifiable safety. 13 MCP tools including alethia_propose_tests (agent generates tests from a URL), alethia_assert_safety (proves destructive actions are blocked), and the expect block: NLP primitive unique to Alethia. Zero-IPC, ~45x faster than Playwright, signed evidence packs. Works with Claude Code, Cursor, Cline.
95
94%
Does it follow best practices?
Impact
97%
2.77xAverage score across 5 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to call alethia_propose_tests, alethia_assert_safety, and alethia_tell with a target URL and to read structured pageContext/nearMatches/suggestedFix from the fetched page, meaning it fetches and interprets arbitrary third-party webpages (titles, headings, buttons, inputs) that can materially influence subsequent tool actions.
- Audited
- Security analysis