RRepoGEO

REPOGEO REPORT · LITE

raroque/vibe-security-skill

Default branch main · commit 850938f2 · scanned 6/12/2026, 7:57:57 AM

GitHub: 753 stars · 92 forks

AI VISIBILITY SCORE
28 /100
Critical
Category recall
0 / 2
Not recommended in any query
Rule findings
1 pass · 1 warn · 0 fail
Objective metadata checks
AI knows your name
2 / 3
Direct prompts that named your repo
HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface raroque/vibe-security-skill, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

2 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION
  • highreadme#1
    Reposition the README's opening paragraph to clarify its 'agent skill' nature

    Why:

    CURRENT
    An agent skill that helps secure vibe-coded apps - or honestly any app - from common security vulnerability patterns. Built by Chris Raroque (@raroque) in collaboration with my colleagues at Aloa.
    COPY-PASTE FIX
    This agent skill extends AI coding assistants (like Claude Code, OpenAI Codex) to audit AI-generated code for common security vulnerabilities. It helps secure 'vibe-coded' applications – or any app built with AI – by catching patterns like hardcoded secrets, missing RLS, or insecure payment flows before they ship.
  • mediumhomepage#2
    Add a homepage URL to the repository metadata

    Why:

    COPY-PASTE FIX
    https://github.com/raroque/vibe-security-skill

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?

Same questions for every model — switch tabs to compare answers and rankings.

Recall
0 / 2
0% of queries surface raroque/vibe-security-skill
Avg rank
Lower is better. #1 = top recommendation.
Share of voice
0%
Of all named tools, what % are you?
Top rival
Snyk Code
Recommended in 2 of 2 queries
COMPETITOR LEADERBOARD
  1. Snyk Code · recommended 2×
  2. Checkmarx SAST (CxSAST) · recommended 2×
  3. Veracode Static Analysis · recommended 2×
  4. zaproxy/zaproxy · recommended 1×
  5. github/codeql · recommended 1×
  • CATEGORY QUERY
    How to prevent common security vulnerabilities in AI-generated application code?
    you: not recommended
    AI recommended (in order):
    1. Snyk Code
    2. Checkmarx SAST (CxSAST)
    3. OWASP ZAP (Zed Attack Proxy) (zaproxy/zaproxy)
    4. Veracode Static Analysis
    5. GitHub Advanced Security (Code scanning with CodeQL) (github/codeql)
    6. DeepCode AI
    7. Semgrep (returntocorp/semgrep)

    AI recommended 7 alternatives but never named raroque/vibe-security-skill. This is the gap to close.

    Show full AI answer
  • CATEGORY QUERY
    What tools help AI coding assistants identify and fix security flaws?
    you: not recommended
    AI recommended (in order):
    1. Snyk Code
    2. Checkmarx SAST (CxSAST)
    3. SonarQube
    4. OWASP ZAP (Zed Attack Proxy)
    5. Veracode Static Analysis
    6. Bandit
    7. Semgrep

    AI recommended 7 alternatives but never named raroque/vibe-security-skill. This is the gap to close.

    Show full AI answer

Objective checks

Rule-based audits of metadata signals AI engines weight most.

  • Metadata completeness
    warn

    Suggestion:

  • README presence
    pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

  • Compared to common alternatives in this category, what is the core differentiator of raroque/vibe-security-skill?
    pass
    AI did not name raroque/vibe-security-skill — likely talking about a different project

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • If a team adopts raroque/vibe-security-skill in production, what risks or prerequisites should they evaluate first?
    pass
    AI named raroque/vibe-security-skill explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • In one sentence, what problem does the repo raroque/vibe-security-skill solve, and who is the primary audience?
    pass
    AI named raroque/vibe-security-skill explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

Embed your GEO score

Drop this badge into the README of raroque/vibe-security-skill. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

RepoGEO badge previewLive preview
MARKDOWN (README)
[![RepoGEO](https://repogeo.com/badge/raroque/vibe-security-skill.svg)](https://repogeo.com/en/r/raroque/vibe-security-skill)
HTML
<a href="https://repogeo.com/en/r/raroque/vibe-security-skill"><img src="https://repogeo.com/badge/raroque/vibe-security-skill.svg" alt="RepoGEO" /></a>
Pro

Subscribe to Pro for deep diagnoses

raroque/vibe-security-skill — Lite scans stay free; this card itemizes Pro deep limits vs Lite.

  • Deep reports10 / month
  • Brand-free category queries5 vs 2 in Lite
  • Prioritized action items8 vs 3 in Lite