nebula-component-validation
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill instructs the agent to execute
npm run code:fix. While this is a common development task, it involves the execution of shell commands whose behavior is defined by the project'spackage.jsonfile. If the project configuration is untrusted, this could lead to the execution of malicious scripts. - Indirect Prompt Injection (LOW): The skill is designed to process and validate component files. As an agent reads and processes these external files, there is a theoretical risk of encountering embedded instructions meant to influence the agent's behavior, although the use of linting tools like ESLint and Prettier provides a relatively constrained scope of action.
Audit Metadata