vitepress
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill contains documentation and code examples for VitePress that align with the framework's official guidelines and best practices. All external repository links (Anthony Fu, Vue.js) are to trusted ecosystem authors.- [PROMPT_INJECTION]: The skill describes framework features that ingest external data (Data Loaders and Dynamic Routes), which represent a surface for indirect prompt injection if an agent processes untrusted content.
- Ingestion points: Build-time data loader files (
*.data.ts), paths loader files (*.paths.ts), and markdown inclusions (@include,<<<). - Boundary markers: None specified in the documentation examples.
- Capability inventory: Build-time execution of JavaScript in Node.js, file system access (
fs.readFileSync), and network operations (fetch). - Sanitization: Not explicitly discussed; the framework renders content into the generated site.
Audit Metadata