nestjs-expert
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands (such as grep, find, and test) and standard CLI tools (npm, nest) to perform project environment diagnostics and validate fixes. These commands are typical for development workflows and the skill explicitly advises using one-shot diagnostics rather than long-running processes.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and analyzes untrusted data from local project files.
  1. Ingestion points: The skill reads configuration files like package.json, nest-cli.json, and tsconfig.json, as well as application source code (*.module.ts).
  2. Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions that might be embedded within the project files.
  3. Capability inventory: The skill has the capability to read files and execute local commands via bash and npm.
  4. Sanitization: No content sanitization or validation is specified for the data ingested from the project files.