Skills
skills/onmax/nuxt-skills/nuxt-seo/Gen Agent Trust Hub

nuxt-seo

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill suggests running 'npx nuxi module add @nuxtjs/seo' and 'npx nuxt-og-image eject NuxtSeo' in SKILL.md and references/og-image.md. These commands download and execute code from external registries.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted data from Nuxt Content frontmatter and external API endpoints (e.g., /api/posts) as documented in SKILL.md and references/crawlability.md. Evidence Chain: 1. Ingestion points: posts/** and /api/posts. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution via npx commands. 4. Sanitization: Absent.
  • [Dynamic Execution] (LOW): According to references/og-image.md, the skill uses Satori for runtime image rendering and Chromium for capturing page screenshots, which involve dynamic execution and rendering patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:39 PM