slidev-components
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM REMOTE_CODE_EXECUTION
Full Analysis
- Dynamic Execution (MEDIUM): The 'CodeDemo.vue' component implementation uses the `eval()` function to execute JavaScript code passed via the `code` prop.
  - Evidence: Found in `CodeDemo.vue` template section: `output.value = eval(props.code)`.
  - Risk: If this component is used to render content from external, untrusted sources (e.g., user-submitted markdown or API data), it could lead to arbitrary code execution in the context of the presentation viewer's browser.
- External Dependency (SAFE): The skill references standard packages for its intended environment.
  - Evidence: Imports `@slidev/client` and `qrcode`.
  - Status: These are well-known libraries in the Slidev/Vue ecosystem.
Audit Metadata