nuxt-module-finder
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Prompt Injection (MEDIUM): The skill exposes a high-risk surface for Indirect Prompt Injection. It uses the mcp_nuxt_get-module tool to fetch README content from external, untrusted third-party modules.
  - Ingestion points: External module README files via the mcp_nuxt_get-module tool.
  - Boundary markers: Absent; the instructions do not provide delimiters or guidance for the agent to treat the fetched README content as untrusted data.
  - Capability inventory: The skill generates setup and installation instructions for users. While it does not execute code directly via tools, it acts as a trusted advisor for the user's local environment, which can be exploited if the agent relays malicious commands found in documentation.
  - Sanitization: Absent; there is no logic to filter or sanitize the documentation content before the agent processes it.