integration-vue-3
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill requires the agent to read and analyze 10 to 15 files from a user's project, as well as source code within the node_modules directory. This ingestion of untrusted data creates an indirect prompt injection surface where instructions hidden in the codebase could influence agent behavior.
- [COMMAND_EXECUTION]: The integration workflow instructs the agent to execute linter, build, or formatting scripts found in the project's package.json. While routine for development agents, this provides a mechanism for executing arbitrary commands defined in the project's configuration.
- [SAFE]: The skill encourages secure handling of sensitive data by explicitly instructing the use of environment variables for PostHog project tokens and host URLs instead of hardcoding them.
- [SAFE]: All network activity described in the documentation and example code is directed to official PostHog domains, which is consistent with the skill's stated purpose as a vendor integration.
Audit Metadata