NestJS Framework
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Detection of an indirect prompt injection surface within the template generation logic described in templates/TEST-RESULTS.md. The implementation uses simple string replacement to interpolate placeholder values into code templates.
  - Ingestion points: Entity names and configuration values (e.g., {{EntityName}}) used during the template replacement process.
  - Boundary markers: None; the values are directly injected into the template strings without escaping or validation.
  - Capability inventory: The skill facilitates the creation of executable TypeScript files via fs.writeFileSync which are intended to be run in a NestJS environment.
  - Sanitization: No sanitization or validation of the replacement values is demonstrated in the provided examples.
- [CREDENTIALS_UNSAFE] (SAFE): Environment variable examples in examples/README.md use obvious placeholders for secrets (e.g., JWT_SECRET=your-super-secret-key-change-in-production). These do not constitute a credential leak.
- [EXTERNAL_DOWNLOADS] (SAFE): All suggested dependencies are standard, trusted packages from the @nestjs scope or reputable community libraries (e.g., bcrypt, class-validator).
Audit Metadata