vue-spec

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill focuses on documentation within the local workspace and adheres to least-privilege principles by restricting file operations to relevant project files and avoiding sensitive system paths.
  • [COMMAND_EXECUTION]: Uses standard developer utilities (grep, glob) for file discovery and git for optional installation, all of which are typical for development tools and properly scoped to the project context.
  • [SAFE]: The build system modifications (Vite/Nuxt plugins) are minimal and serve the legitimate purpose of handling custom SFC blocks. The injected code is transparent and does not introduce external dependencies or remote execution.
  • [PROMPT_INJECTION]: The skill processes untrusted source code, creating a surface for indirect prompt injection.
      • Ingestion points: Reads .vue files during the component analysis phase.
      • Boundary markers: Absent; code is analyzed directly without delimiters to ignore embedded instructions.
      • Capability inventory: File read/write and build configuration modification.
      • Sanitization: None; the agent relies on its ability to distinguish code structure from content.
      • Note: The severity is assessed as safe because the impact is limited to the generated documentation and aligns with the tool's core functionality.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 17, 2026, 07:52 PM