nuxt-models
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external data from API responses, creating an attack surface for indirect injection.
- Ingestion points: Data enters the system via `Model.hydrate()` and `Model.collect()` methods as shown in `SKILL.md` and `references/models.md`.
- Boundary markers: There are no boundary markers or explicit instructions to ignore embedded commands implemented in the hydration flow.
- Capability inventory: The `booted()` lifecycle hook in `references/models.md` demonstrates a dangerous pattern where `registerPermissions(this.permissions)` is called using data sourced directly from the input payload. This allows an attacker-controlled data source to potentially manipulate application security logic.
- Sanitization: The provided examples lack any logic for validation, escaping, or sanitization of external content before it is processed by the model lifecycle.
Recommendations
- AI detected serious security threats
Audit Metadata