nuxt-repositories
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected. The skill defines patterns for fetching data from external API resources which could contain malicious instructions.
  - Ingestion points: The BaseRepository class and its implementations (e.g., PostRepository in SKILL.md and references/repositories.md) ingest data through methods like list(), get(), and jsonGet() from relative API paths and configurable external base URLs.
  - Boundary markers: Absent. The repository patterns do not include delimiters or explicit instructions to ignore embedded commands within the retrieved data.
  - Capability inventory: The skill provides full CRUD capabilities (list, get, create, update, delete) and direct HTTP methods (jsonGet, jsonPost, jsonPut, jsonPatch, jsonDelete) as documented in references/repositories.md.
  - Sanitization: Absent. No evidence of input validation or content sanitization is present in the repository or hydrator examples to protect against malicious data in API responses.