vitron-ai/alethia
Agent-native E2E runtime with verifiable safety. 16 MCP tools including alethia_propose_tests (agent generates tests from a URL), alethia_assert_safety (proves destructive actions are blocked), and the expect block: NLP primitive unique to Alethia. Zero-IPC; 2-5x faster than Playwright MCP per flow; signed evidence packs. Works with Claude Code, Cursor, Cline.
95
94%
Does it follow best practices?
Impact
98%
2.80xAverage score across 5 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call alethia_propose_tests / alethia_assert_safety with an arbitrary target URL and to consume returned pageContext (title, headings, buttons, inputs), PlanRun step results, and screenshots—i.e., it fetches and interprets untrusted third‑party web pages as part of its workflow, which can materially influence subsequent actions.
- Audited
- Security analysis