nuxt-studio
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill describes a CMS workflow where users edit markdown and MDC content that is subsequently processed by an integrated AI content assistant (Vercel AI Gateway). This creates an attack surface for indirect prompt injection. Ingestion points: The visual editor and draft layer described in references/live-editing.md allow for the entry of untrusted or user-supplied content. Boundary markers: No explicit instructions or markers are mentioned to delimit user content from system instructions when processed by the AI features. Capability inventory: The skill facilitates committing changes to Git repositories and triggering automated CI/CD rebuilds as detailed in references/deployment.md. Sanitization: No sanitization, validation, or escaping of user-supplied content is documented prior to AI processing.
- [EXTERNAL_DOWNLOADS]: The skill documentation includes commands to install external modules via standard package managers. Evidence: Commands like 'npx nuxt module add nuxt-studio' and 'npx nuxi module add hub' are provided in SKILL.md and references/configuration.md. Context: These resources are part of the well-known Nuxt framework ecosystem and are used for standard setup tasks.
Audit Metadata