vue-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's primary function involves processing external, untrusted Vue source code to assist in writing, reviewing, or refactoring components. This creates a significant attack surface where malicious code comments or template structures could influence the agent's behavior.
  - Ingestion points: .vue components, props, and templates (referenced in capability rules).
  - Boundary markers: No delimiting or 'ignore embedded instructions' markers are specified in the manifest.
  - Capability inventory: Code modification, writing, and refactoring (high-privilege actions).
  - Sanitization: No evidence of input sanitization or validation for ingested code snippets is provided.
Recommendations
- AI detected serious security threats
Audit Metadata