vue-expert
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains a mandatory 'Memory Protocol' section that instructs the agent to execute a shell command: `cat .claude/context/memory/learnings.md`. This bypasses standard tool usage by prescribing a specific bash command for state management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality and toolset.
  - Ingestion points: The skill ingests code snippets provided by users for review and operates on local files specified in the `target` input parameter.
  - Boundary markers: There are no explicit instructions or delimiters used to separate user-provided code from the agent's internal instructions.
  - Capability inventory: The skill has access to powerful tools including `Bash`, `Write`, `Edit`, and `Grep`, allowing for arbitrary command execution and file system modification.
  - Sanitization: The skill does not implement sanitization or validation of the code it reviews to prevent embedded instructions from influencing the agent's behavior.
Audit Metadata