vue-development-guides
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill instructs the agent to review and refactor external Vue.js/Nuxt project files, which is a high-severity vulnerability surface for indirect prompt injection. Malicious code or comments within the processed files could subvert the agent's logic. \n
- Ingestion points: Ingests untrusted Vue.js and Nuxt.js component files during review and refactoring tasks (SKILL.md). \n
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the guides. \n
- Capability inventory: The agent is authorized to refactor code, which involves file modification capabilities across the project. \n
- Sanitization: No validation or sanitization of the input code's comments or metadata is implemented.
- [Prompt Injection] (SAFE): No direct prompt injection or safety bypass patterns were detected in the skill's instructions.
- [Data Exposure] (SAFE): No hardcoded credentials or sensitive file paths are present. The reactivity guide includes standard API fetch examples that follow best practices.
- [Obfuscation] (SAFE): All skill content is provided in clear, human-readable markdown with no evidence of encoding or hidden characters.
Recommendations
- AI detected serious security threats
Audit Metadata