Skills
skills/oimiragieo/agent-studio/vueuse-library-rule/Gen Agent Trust Hub

vueuse-library-rule

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from the source directory using powerful file-modification tools.\n
  • Ingestion points: The skill reads all project files matching the glob src/**/*.*.\n
  • Boundary markers: No delimiters or explicit instructions are provided to distinguish between the agent's instructions and potentially malicious content within the source files.\n
  • Capability inventory: The agent has access to Read, Write, and Edit tools, allowing it to modify the file system if it inadvertently follows instructions embedded in source code.\n
  • Sanitization: There is no sanitization or validation of the file contents before they are processed by the LLM.\n- COMMAND_EXECUTION (LOW): The skill's 'Memory Protocol' contains a hardcoded instruction to execute a shell command to manage its internal state.\n
  • Evidence: The instruction cat .claude/context/memory/learnings.md is present in the SKILL.md file.\n
  • Context: While this is a command execution pattern, its impact is limited to reading a specific, local, non-sensitive configuration file used for persistence in certain agent environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:39 PM