nx-monorepo
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute Nx CLI commands, which is required for its primary purpose of monorepo management. This includes creating workspaces, running builds, and executing tests.
- [EXTERNAL_DOWNLOADS]: The documentation includes numerous commands using npx, npm, and nx add to fetch and execute packages from the npm registry, which is a well-known service. These operations are standard for the Nx ecosystem.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes project configuration files (project.json, nx.json) and source code which could originate from untrusted sources.
  - Ingestion points: Reads and edits local configuration files and source code via Read, Glob, and Grep tools.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: Significant capabilities including Bash command execution and file modification tools (Write, Edit).
  - Sanitization: No explicit sanitization of file content is described before processing or execution.
- [CREDENTIALS_UNSAFE]: The documentation contains placeholder credentials (e.g., password: 'pass') and secret placeholders (e.g., encryptionKey: "your-encryption-key") in reference examples. These are standard documentation practices and do not represent a security risk in the skill itself.
Audit Metadata