vue-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions designed to override agent behavior or bypass safety guardrails were detected. Phrases such as 'Rule' or 'Mission Checklist' are used within an educational context for developers.
- Data Exposure & Exfiltration (SAFE): The content consists of static documentation. Code snippets use standard documentation placeholders (e.g., '/api/data') and contain no hardcoded credentials or sensitive file paths. Security-focused files (like v-html-xss-security.md) provide legitimate guidance on preventing vulnerabilities.
- Obfuscation (SAFE): No encoded content, zero-width characters, or homoglyphs were detected. The text is clear and readable.
- Unverifiable Dependencies & Remote Code Execution (SAFE): All referenced libraries (Pinia, Vue Router, GSAP, etc.) are well-known, industry-standard packages in the Vue ecosystem. There are no suspicious remote script downloads or piped bash executions.
- Privilege Escalation (SAFE): No commands related to administrative permissions or system modifications were found.
- Persistence Mechanisms (SAFE): The skill does not attempt to modify startup scripts, system services, or schedule tasks.
- Metadata Poisoning (SAFE): YAML frontmatter is used appropriately for categorization and impact assessment without deceptive intent.
- Indirect Prompt Injection (SAFE): As a static knowledge base, the skill does not ingest untrusted data and lacks an exploitation surface for indirect injection.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating behavior based on time or environmental conditions was found.
- Dynamic Execution (SAFE): The documentation discusses standard framework features like async components and render functions for legitimate development purposes. No unsafe deserialization or dynamic script generation from untrusted sources is present.
Audit Metadata