nestjs-drizzle-crud-generator
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted user input to generate executable code.
  - Ingestion points: User input for entity names and field definitions passed via CLI arguments as described in `SKILL.md`.
  - Boundary markers: Absent; the templates do not contain delimiters or instructions for the agent to ignore embedded malicious instructions in the field names.
  - Capability inventory: The skill possesses `Write`, `Edit`, and `Bash` tools, which are used to generate and save source files to the local filesystem.
  - Sanitization: Not observed; the provided templates directly interpolate placeholders like `{{featureName}}` and `{{TableFields}}` into the output files without explicit escaping logic.
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute a local Python script (`scripts/generate_crud.py`) to perform the generation. Since the source code for this script was not provided in the skill files, its internal behavior and safety cannot be fully audited, though the command usage aligns with the skill's stated purpose.
Audit Metadata