contentful
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs several official Node.js packages for Contentful integration, including 'contentful', 'contentful-management', and rich text rendering utilities. These originate from a well-known service and are used according to standard implementation patterns.
- [PROMPT_INJECTION]: The skill fetches and processes structured content from the Contentful API, which constitutes an indirect prompt injection surface.
  - Ingestion points: The agent retrieves content using 'getEntries' and 'sync' methods as documented in 'SKILL.md'.
  - Boundary markers: No explicit instructions or delimiters are provided to ensure the agent ignores potential instructions embedded within the CMS content.
  - Capability inventory: The skill leverages network access for API interactions and local file system access for asset management ('fs.createReadStream').
  - Sanitization: The implementation uses '@contentful/rich-text-react-renderer', which is the standard method for safely processing Contentful rich text.