vue-layout
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill reads data from Figma designs via the Framelink MCP and processes local specification files (
draft-spec.md). - Boundary markers: No explicit instructions are provided to the agent to treat data from these sources as untrusted or to ignore embedded instructions.
- Capability inventory: The skill uses
mcp-fsto write generated Vue components and TypeScript files to the local filesystem. - Sanitization: There are no mentioned validation or sanitization steps for the data extracted from Figma or the spec files before they are interpolated into the generated code templates.
Audit Metadata