nestjs
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches official framework and database driver packages from established registries (NPM) and well-known technology providers including Drizzle ORM, Neon, Vercel, and PlanetScale.
- [COMMAND_EXECUTION]: Provides instructions for standard development workflows using CLI tools such as drizzle-kit, docker, turso, netlify, and gel for database management and project deployment.
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by documenting APIs that process untrusted user input.
  - Ingestion points: Controller routes in SKILL.md and reference.md using @Body, @Query, and @Param decorators.
  - Boundary markers: Standard DTO usage is recommended throughout the skill.
  - Capability inventory: Bash, Write, Edit, Glob, Grep, and Read tools are allowed to the agent.
  - Sanitization: Instructions mandate the use of Data Transfer Objects (DTOs) and class-validator with ValidationPipe to ensure input integrity and security.
- [SAFE]: No malicious patterns or security risks were detected. All code examples follow industry standard practices for TypeScript and NestJS development, including specific warnings against hardcoding credentials and guidance on implementing secure guards for authorization.
Audit Metadata