nuxt-documentation-lookup

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from an external source (Nuxt documentation pages) and merges it into the agent's context.
      • Ingestion points: External content retrieved via the mcp_nuxt_get-documentation-page tool.
      • Boundary markers: Absent; there are no explicit delimiters or instructions for the agent to ignore embedded commands within the fetched documentation.
      • Capability inventory: The skill influences agent reasoning and code example generation. It does not explicitly define subprocess, file-write, or network-send capabilities within this specific file, limiting the immediate impact of a potential injection.
      • Sanitization: None; the skill assumes the retrieved documentation is safe and does not perform validation or filtering.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 05:28 AM