element-plus-vue3
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill provides instructions and templates for installing external Node.js packages including 'element-plus', 'unplugin-vue-components', and 'unplugin-auto-import' via npm, yarn, and pnpm. It also includes examples of using the unpkg.com CDN to load Vue and Element Plus. These references are appropriate for a documentation skill and point to trusted, standard sources in the web development ecosystem, qualifying for a downgrade to LOW per security guidelines.
- PROMPT_INJECTION (SAFE): No patterns of prompt injection, such as attempts to override system instructions or bypass safety filters, were found. The instructional language is natural and focused on technical guidance.
- DATA_EXFILTRATION (SAFE): No evidence of unauthorized data access, sensitive file path usage (e.g., .env, .ssh), or malicious network exfiltration was detected.
- REMOTE_CODE_EXECUTION (SAFE): While the skill mentions 'npx' and package installation commands in documentation snippets, it does not contain scripts that execute remote code on the host environment during the skill's own operation.
Audit Metadata