nestjs-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and referenced documentation are focused entirely on NestJS best practices and code review. Analysis of the instructions, examples, and reference files reveals no malicious intent, data exfiltration patterns, obfuscation, or suspicious network activities.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted third-party source code, which constitutes an indirect prompt injection surface. This is an inherent property of code review tools and is mitigated by the specific context of generating a technical report.
- Ingestion points: Local source code files accessed via Read, Glob, and Grep tools.
- Boundary markers: No specific delimiters or "ignore" instructions are provided for separating file content from agent instructions in the SKILL.md file.
- Capability inventory: The skill has access to Bash, Edit, Read, Glob, and Grep tools.
- Sanitization: There is no mention of sanitizing or escaping the content of files before they are processed by the agent.
Audit Metadata