vue-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No malicious instructions, data exfiltration patterns, or obfuscation were detected. All content is educational and relates to Vue.js development.
- Unverifiable Dependencies & Remote Code Execution (INFO): The skill suggests installing official Vue ecosystem packages (e.g.,
vue-component-type-helpers,@vue/language-server). These are from trusted sources (the Vue.js organization) and are appropriate for the skill's purpose. Per [TRUST-SCOPE-RULE], these findings are downgraded to INFO. - Indirect Prompt Injection (INFO): The skill is designed to review user-provided Vue components (untrusted data). However, its capability tier is 'display only' as it provides reasoning and advice without any write or execution permissions, posing no risk to the host system.
Audit Metadata