vue
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection Surface: The skill is designed to render UIs from JSON specifications, including those that may be AI-generated. This introduces a surface where instructions embedded in the JSON data could influence rendering logic or state. This is an expected architectural pattern for dynamic UI tools, and developers should ensure input specifications are validated.
- Dynamic Expression Evaluation: The library supports dynamic prop expressions and visibility conditions that interpret JSON-based logic at runtime. This functionality is essential for the renderer's operation and follows standard Vue rendering patterns.
- External Package Dependencies: The skill specifies dependencies on @json-render/vue, @json-render/core, and zod, which are standard for its described purpose.
Audit Metadata