skills/eva813/vue3-skills/vue-layout/Gen Agent Trust Hub

vue-layout

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  • Ingestion points: The skill reads data from Figma designs via the Framelink MCP and processes local specification files (draft-spec.md).
  • Boundary markers: No explicit instructions are provided to the agent to treat data from these sources as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill uses mcp-fs to write generated Vue components and TypeScript files to the local filesystem.
  • Sanitization: There are no mentioned validation or sanitization steps for the data extracted from Figma or the spec files before they are interpolated into the generated code templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 06:19 AM
Security Audit — agent-trust-hub — vue-layout