nx-monorepo

Fail

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs users to use sudo for administrative operations, specifically adding a PPA and installing the Nx CLI globally on Linux systems (sudo add-apt-repository ppa:nrwl/nx, sudo apt install nx). This introduces a privilege escalation risk.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and execution of external packages via npx and npm, and references third-party CI/CD components like GitHub Actions (nrwl/nx-set-shas@v4) and CircleCI orbs (nrwl/nx@1.7.0). These are from well-known sources.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided names for applications and libraries, which are then interpolated into shell commands without sanitization.
      • Ingestion points: User input for project, library, and component names used in generator commands (e.g., nx g @nx/react:app my-app).
      • Boundary markers: No delimiters or warnings are used to prevent the execution of embedded instructions in user input.
      • Capability inventory: The skill uses Bash, Write, Edit, and Read tools, providing a wide range of actions.
      • Sanitization: No input validation or escaping is performed on parameters before command execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 23, 2026, 11:33 PM