nuxt
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Instructional Content (SAFE): All files are markdown-based reference guides. There are no executable scripts (.py, .js, .sh) or binary files included in the skill, meaning the agent only reads these files as knowledge context.
- Prompt Injection (SAFE): The instructions use directives to guide the agent toward modern Nuxt 4 patterns and away from outdated ones (e.g., 'STOP and re-read this skill'). These are standard pedagogical reinforcements and do not attempt to bypass safety filters or extract system prompts.
- Data Security (SAFE): Environment variable examples (e.g., DATABASE_URL) use generic placeholder values (test:test@localhost). No real credentials or sensitive data exposure were found.
- Dependencies (SAFE): The skill mentions standard, well-known Nuxt community modules. While these are external, they are presented as documentation for the user's project, not for installation in the agent's environment.
- Indirect Prompt Injection (SAFE): The skill does not possess tools that ingest external untrusted data; it acts as a static knowledge base for coding assistance.
Audit Metadata