avue
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Tags: NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill is composed entirely of markdown documentation and instructions for navigating framework examples. No executable scripts, shell commands, or binaries are present.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill references the '@smallwei/avue' package and the official Avue GitHub repository. These are legitimate resources for the framework being documented.
- [Indirect Prompt Injection] (LOW): The documentation identifies framework APIs such as 'loadScript' and 'downFile'. While these are legitimate framework features, they represent a potential vulnerability surface if an agent creates code using these functions with unsanitized user-provided inputs. (Ingestion points: User queries for implementation examples; Capability inventory: Mentions of script loading and file download APIs; Boundary markers: Absent; Sanitization: Absent).