yy-frontend-vue3-code-optimization
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands (
git diff) to identify changed files within the repository to define the scope of optimization. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes user-controlled source code files without utilizing boundary markers or explicit instructions to ignore potential commands embedded within the code.
- Ingestion points: Reads content from .vue, .js, .ts, .css, .scss, and .less files.
- Boundary markers: Absent; the instructions do not specify how to distinguish between code and embedded instructions.
- Capability inventory: Local file system access and shell command execution.
- Sanitization: Input code is not sanitized or escaped before being included in the agent's context for optimization.
- [SAFE]: The skill's code style guidelines (
references/code-style.md) advocate for the use of the non-strict equality operator (==) instead of strict equality (===). While this is a poor security practice in JavaScript that increases the risk of type-coercion bugs, the skill mitigates this by requiring the agent to flag these changes for manual user confirmation.
Audit Metadata