vue-layout
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows security best practices for specialized UI agents by explicitly prohibiting network operations (e.g., fetch, axios) and the implementation of business logic, limiting the agent's scope to pure structural UI generation.\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes content from external Figma designs and local specification files. While this is inherent to its functionality, the lack of sanitization or delimiters is a noted risk factor.\n
- Ingestion points: Figma node data accessed via the Framelink MCP for Figma and content from local spec.md files.\n
- Boundary markers: The skill does not define specific delimiters or warnings for the agent to ignore potentially malicious instructions embedded in design metadata or labels.\n
- Capability inventory: The skill uses the mcp-fs tool to write generated Vue and TypeScript files to the project directory.\n
- Sanitization: No specific data validation or escaping is mandated before external design text is interpolated into the generated code structure.
Audit Metadata