nuxt-sanity
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides robust defensive patterns for credential management, specifically instructing users to store Sanity tokens in private environment variables and Nuxt's private runtimeConfig to prevent them from being leaked to the client bundle (see
rules/core-module-setup.mdandrules/core-server-routes.md). - [PROMPT_INJECTION]: The skill documents an attack surface for indirect prompt injection through external data ingestion. 1. Ingestion points: Content is fetched from Sanity CMS via
useSanityQuery(documented inrules/core-composables.md). 2. Boundary markers: Not explicitly specified for LLM-consumed data. 3. Capability inventory: The skill enables rendering Portable Text, generating dynamic sitemaps, and powering visual editing. 4. Sanitization: The skill actively mitigates risks by recommendingvalidateSanityQueryto prevent query injection in server routes andstegaCleanto sanitize slugs in sitemaps (seerules/core-server-routes.mdandrules/features-sitemap.md).
Audit Metadata