markstream-nuxt
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides standard integration patterns for the markstream-vue component within Nuxt 3 and 4 environments.
- [SAFE]: It enforces security best practices by defaulting to a restricted HTML rendering policy and strict Mermaid configurations to mitigate injection risks in processed content.
- [SAFE]: The instructions prioritize server-side rendering safety by requiring browser-specific dependencies to be isolated within client-side boundaries.
- [PROMPT_INJECTION]: Indirect injection surface identified: untrusted data enters via 'content', 'nodes', and 'final' props in SKILL.md; boundary markers are present using '' wrappers; capability inventory is limited to UI rendering in SKILL.md; sanitization is present via default 'html-policy="safe"' and Mermaid strict mode.
Audit Metadata