vue-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- Category 8: Indirect Prompt Injection (SAFE): The skill provides a large knowledge base of Vue.js best practices. While this content influences AI behavior, it does so by providing legitimate coding standards and security advice (e.g., warnings against XSS).
- Ingestion points: None. The skill does not define any executable tools or functions that process runtime data.
- Boundary markers: N/A.
- Capability inventory: No subprocess calls, file-write, or network operations are provided as tools for the agent.
- Sanitization: N/A.
- Category 4: Unverifiable Dependencies & RCE (SAFE): Code blocks in the documentation reference well-known, legitimate libraries (e.g., GSAP, Pinia, Axios, DOMPurify). No suspicious or remote script executions (such as
curl | bash) are present. - Category 2: Data Exposure & Exfiltration (SAFE): Some examples use placeholder variables like
apiKeyortoken, but no hardcoded credentials or sensitive file paths are accessed or exfiltrated. Documentation such asv-html-xss-security.mdcorrectly educates on preventing data exposure.
Audit Metadata