nestjs-typescript-starter
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill clones a remote repository from 'https://github.com/nestjs/typescript-starter.git' and executes 'npm install'. This can trigger arbitrary code execution via npm lifecycle scripts (such as preinstall or postinstall) defined in the external repository.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes 'npm run build' and 'npm run start:dev', which run scripts defined in the external repository's package.json. These scripts are unverifiable and could be modified to perform malicious actions.
- [EXTERNAL_DOWNLOADS] (LOW): The skill downloads content from a non-whitelisted GitHub organization ('nestjs'). While NestJS is a well-known framework, it does not fall within the specific trusted organizations list, requiring manual verification of the repository content.