vue-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- NO_CODE (SAFE): The skill folder consists entirely of Markdown documentation files (.md). No active code files (.js, .ts, .py, .sh) or executable binaries are included in the skill content.
- Prompt Injection (SAFE): Systematic review of the 182 documentation files found no evidence of prompt injection patterns. The content uses instructional language appropriate for its purpose as a technical guide (e.g., "Task Checklist", "Good Code", "Bad Code") without attempting to override agent behavior or bypass safety filters.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or sensitive file path access were detected. The skill contains specific guidance on security best practices, such as preventing cross-request state pollution in SSR applications and avoiding XSS via v-html.
- Indirect Prompt Injection (SAFE): While the skill contains examples of malicious payloads (e.g., XSS script tags) within "Incorrect" code blocks for educational purposes, the skill does not ingest untrusted data or possess any capabilities (like network fetching or command execution) that would make it vulnerable to indirect injection.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The documentation references various third-party libraries (e.g., gsap, immer, xstate, vue-virtual-scroller), but these are provided as implementation advice for the user. The skill itself has no package.json or installation scripts.
- Metadata Poisoning (SAFE): The frontmatter and metadata in all analyzed files are descriptive and accurately reflect the content of the documentation. No deceptive or misleading metadata was identified.
Audit Metadata