nexus
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in the 'context-driven-development' workflow. The agent is instructed to parse markdown context files to automate task creation and generate tests.
  1. Ingestion points: Files matching .nexus/context/**/*.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Automated file creation, updates, and code generation for tests.
  4. Sanitization: Absent.

  Malicious instructions embedded in these files could lead the agent to perform unintended actions during the sync or generation process.
- [PROMPT_INJECTION]: The 'skill-from-codebase' functionality scans the entire repository to generate instructions, creating another indirect injection vector.
  1. Ingestion points: Full codebase scanning including source files and manifests.
  2. Boundary markers: Absent.
  3. Capability inventory: Multi-agent orchestration and writing the root SKILL.md file.
  4. Sanitization: Mentions a validator subagent, but no specific security-focused sanitization of code comments or strings is detailed.
- [COMMAND_EXECUTION]: The command map defined in the CDD skill implies that the agent will execute various context management commands (e.g., /nexus-context-generate-red-tests, /nexus-context-sync-with-code), which involves interacting with the underlying system and potentially executing generated code.
- [SAFE]: No hardcoded credentials, unauthorized external downloads, or obfuscation payloads were identified in the provided instruction files.
Audit Metadata