vue-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains instructional language designed to guide the AI's coding workflow (e.g., 'MUST be used', 'ALWAYS use Composition API'). These are standard operational parameters and do not attempt to bypass safety filters, reveal system prompts, or override core agent instructions.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or access to sensitive local file paths (like ~/.ssh or .env) were found. Code snippets use standard mock API endpoints for demonstration purposes.
- Obfuscation (SAFE): The content is entirely human-readable markdown. No Base64, zero-width characters, or homoglyph-based obfuscation techniques are present.
- Unverifiable Dependencies (SAFE): The skill references several popular, well-maintained libraries (e.g., VueUse, GSAP, TanStack Virtual). It does not attempt to perform automated installations or execute remote scripts at runtime.
- Indirect Prompt Injection (LOW): As a coding guideline, the skill defines how to process data within Vue components. It explicitly includes security best practices for handling user-provided HTML, which mitigates typical indirect injection risks at the application level.
- Dynamic Execution (SAFE): While it discusses Vue's 'render functions', it correctly identifies them as advanced tools and provides patterns for safe implementation, avoiding the use of eval() or other dangerous dynamic execution methods.