yy-frontend-vue3-doc
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied Vue components to generate structured comments, which presents a surface for indirect instructions. * Ingestion points: User-provided Single File Component (SFC) content processed in 'Stage 1'. * Boundary markers: The instructions do not define any delimiters or safety warnings to treat user input as untrusted data. * Capability inventory: The skill has no dangerous capabilities (no file system access, network operations, or shell execution). * Sanitization: No input sanitization or validation is implemented.
- [METADATA_POISONING]: A discrepancy exists between the author name in metadata.json ('wengdongyang') and the system author context ('bulls-cows').
Audit Metadata