weapp-vite-best-practices

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to treat files such as AGENTS.md and node_modules/weapp-vite/dist/docs/ as "AI contracts" (SKILL.md, agents/openai.yaml).
    • Ingestion points: AGENTS.md and node_modules/weapp-vite/dist/docs/ serve as external sources of instructions.
    • Boundary markers: There are no boundary markers or explicit instructions provided to the agent to disregard potentially malicious instructions embedded within these files.
    • Capability inventory: The skill grants the agent authority to execute CLI commands (wv, weapp-vite, weapp-ide-cli) that can modify projects or upload code to the IDE.
    • Sanitization: No sanitization or validation logic is defined for the content ingested from these documentation and contract files.
  • [COMMAND_EXECUTION]: The skill relies on the execution of various local command-line tools to perform its tasks.
    • Evidence: Instructions include running wv prepare, wv screenshot, wv compare, and wv ide logs to manage the development and debugging process (SKILL.md, references/ide-command-playbook.md).
    • Context: These commands are standard for the developer's workflow but could be targeted by indirect injections found in the project's documentation files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 04:02 PM