nuxt-ui
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The chat layout documentation in references/layouts/chat.md identifies a vulnerability surface where untrusted data from AI streams is rendered. Evidence: 1. Ingestion points: chat.messages in pages/chat/[id].vue. 2. Boundary markers: Absent in the provided UI implementation snippets. 3. Capability inventory: Rendering text via the MDC component. 4. Sanitization: Not explicitly addressed in the UI examples. This is standard functionality for building a chat interface.
- External Downloads (SAFE): The skill instructions include pnpm commands for installing legitimate and widely used packages such as @nuxt/ui, tailwindcss, and the Vercel AI SDK.
- Command Execution (SAFE): The shell commands provided are standard for web development (pnpm add) and do not involve piped execution or privilege escalation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access patterns, or unauthorized network activity were detected. API endpoints in examples are for local server routes.
Audit Metadata