nestjs-drizzle-crud-generator (skills/giuseppe-trisciuoglio/developer-kit-claude-code/nestjs-drizzle-crud-generator)
Verdict: Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute a local Python script, scripts/generate_crud.py, which is not provided in the skill package. This prevents verification of how the script handles inputs or whether it performs unauthorized actions.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill implements a code generation surface that ingests untrusted data from the user (feature names and field definitions) and interpolates them into TypeScript templates.
  - Ingestion points: the command line arguments --feature and --fields in the generation script.
  - Boundary markers: The instructions recommend single quotes for JSON input, but there is no evidence of internal escaping or validation.
  - Capability inventory: The skill has Write, Edit, and Bash permissions, allowing it to modify the filesystem and execute generated code.
  - Sanitization: Not present; the absence of the generate_crud.py script makes it impossible to verify whether input is sanitized before interpolation into templates such as service-template.ts or table-template.ts.
Audit Metadata