Skills
skills/mdhb2/aix-skillpack/vue-expert-js/Gen Agent Trust Hub

vue-expert-js

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8). It processes untrusted user requirements to generate source code files.
  • Ingestion points: User-provided feature requirements and architectural plans in the prompt context.
  • Boundary markers: Absent; there are no specific instructions for the agent to ignore or delimit potentially malicious instructions within user inputs.
  • Capability inventory: The skill instructs the agent to create directories and write generated code artifacts to the filesystem (e.g., using mkdir -p .aix).
  • Sanitization: No explicit sanitization or validation of user-provided content is defined before it is used in code generation.
  • [COMMAND_EXECUTION]: The skill contains instructions for the agent to execute shell commands as part of its operational workflow.
  • Evidence: The 'AIX Pack Compliance' section in SKILL.md directs the agent to execute mkdir -p .aix to ensure the output directory exists before writing files.
  • Context: These commands are used for standard project structure management and do not involve privilege escalation or unauthorized access.
  • [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted JavaScript packages from the NPM registry.
  • Dependencies: Includes standard development tools such as vitest, pinia, vue, and eslint-plugin-jsdoc for code verification and testing.
  • Documentation: References additional guidance from the author's public documentation site (jeffallan.github.io).
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:22 AM
Security Audit — agent-trust-hub — vue-expert-js