vue-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The content is strictly educational and focused on Vue.js framework usage.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected. Code examples use standard placeholders like
/api/usersorapiKeyfor demonstration purposes. - Obfuscation (SAFE): No Base64, zero-width characters, or other obfuscation techniques were identified in the 180 files.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The documentation mentions standard packages like Vue, Pinia, and GSAP. No suspicious remote script executions (e.g., curl | bash) were found.
- Privilege Escalation (SAFE): No commands involving sudo, chmod 777, or other privilege escalation vectors were detected.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or registry keys were found.
- Metadata Poisoning (SAFE): Metadata in YAML frontmatter is consistent with documentation titles and tags.
- Indirect Prompt Injection (SAFE): The skill is a static reference library and does not include tools that ingest untrusted external data into the AI context.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating malicious behavior based on dates or environment variables was found.
- Dynamic Execution (SAFE): While the documentation discusses the hazards of
v-htmland XSS, it does not execute dynamic code or use unsafe deserialization. It provides defensive coding patterns to prevent such vulnerabilities.
Audit Metadata