native-to-weapp-vite-wevu-migration
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted user-provided mini-program source code during the migration process.
- Ingestion points: Native mini-program source files (js, wxml, wxss, json) provided by the user as described in SKILL.md.
- Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands in the source code.
- Capability inventory: The skill generates executable Vue SFC code and suggests running build and test commands like pnpm build and e2e validation (SKILL.md).
- Sanitization: No input validation or sanitization of the provided source code is mentioned or performed.
Audit Metadata