bull-bullmq-nestjs
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a task processing architecture that is susceptible to indirect prompt injection if untrusted data is processed.
  - Ingestion points: The InternalJobsController in references/cloud-tasks-migration.md exposes a POST endpoint (/internal/jobs/:queue/:jobName) designed to receive task payloads from external sources (GCP Cloud Tasks).
  - Boundary markers: The provided code examples lack explicit delimiters or instructions (e.g., 'ignore embedded commands') to prevent the agent or worker from interpreting data within the job payload as instructions.
  - Capability inventory: The NotificationsProcessor and RemindersProcessor have the capability to perform network operations (sending Firebase push notifications) and execute database queries via Prisma based on the content of the ingested jobs.
  - Sanitization: There is no evidence of content sanitization or validation for the message bodies (title, body, deepLink) before they are sent to the push notification service.
Audit Metadata