nano
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local utility scripts including
bin/find-artifact.sh,bin/find-solution.sh, andbin/save-artifact.shto retrieve project context and persist implementation plans. - [DATA_EXFILTRATION]: Accesses the user's home directory to read configuration data from
~/.nanostack/stack.json. While this is used for setting development defaults, it represents access to files outside the immediate project repository. - [PROMPT_INJECTION]: The skill ingests data from external artifacts and solution summaries, which presents an attack surface for indirect prompt injection where malicious instructions in those files could influence the agent's planning output.
- Ingestion points: Reads data from
bin/find-artifact.sh,bin/find-solution.sh, and local project configuration files (e.g.,package.json,go.mod). - Boundary markers: The instructions do not define specific delimiters or security headers to separate untrusted data from the agent's system prompt.
- Capability inventory: The skill can execute local shell scripts and influence the structural planning of the entire software development lifecycle.
- Sanitization: No explicit sanitization or validation logic is applied to the content of the retrieved artifacts before they are processed by the agent.
Audit Metadata