nuxt-content

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill creates a high-severity attack surface by requiring the agent to ingest untrusted external data and use it for code implementation.
      • Ingestion points: The URL https://content.nuxt.com/llms.txt referenced in SKILL.md.
      • Boundary markers: Absent. The skill provides a prompt template with no instruction to ignore directives embedded in the documentation or to treat them as data rather than instructions.
      • Capability inventory: The skill is used for 'implementing features' and 'writing code', giving it significant side-effect potential.
      • Sanitization: Absent. The content is passed directly to the LLM context.
  • [Prompt Injection] (MEDIUM): The instructions utilize absolute and aggressive language ('ABSOLUTELY FORBIDDEN', 'MANDATORY', 'CRITICAL') to override the agent's internal reasoning and default safety prioritization.
  • [External Downloads] (LOW): The skill systematically fetches data from a non-whitelisted external domain (content.nuxt.com). Although what it fetches is text, this makes agent behavior dependent on an external source.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:03 AM