vueuse
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The installation instructions reference legitimate @vueuse packages via pnpm from the official npm registry.
- [DATA_EXFILTRATION] (SAFE): Composables like useFetch and useAxios are provided for standard web requests. Examples utilize public testing endpoints (httpbin.org, jsonplaceholder.typicode.com) and do not contain hardcoded secrets or suspicious data exfiltration logic.
- [REMOTE_CODE_EXECUTION] (SAFE): useScriptTag and useWebWorker are documented for their intended purpose of managing browser-side scripts and workers. No shell-level piped execution or malicious RCE patterns are present.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill documents surfaces for data ingestion (e.g., useFetch, useWebSocket). Mandatory Evidence Chain: 1. Ingestion points: useFetch, useAxios, useWebSocket, useEventSource. 2. Boundary markers: Absent in provided snippets. 3. Capability inventory: Browser-side execution only (DOM manipulation, local storage, network fetch). 4. Sanitization: Not explicitly shown in these documentation examples as it is an implementation detail for the developer. These utilities are standard frontend tools and do not interpret fetched data as instructions for the agent itself.
Audit Metadata