Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/nestjs-module-generator/Gen Agent Trust Hub

nestjs-module-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted user input to generate or modify code while possessing high-privilege capabilities.
  • Ingestion points: Untrusted data enters the context via user requests and triggers such as "Help me with nestjs module generator".
  • Boundary markers: None. The skill does not define any delimiters or instructions to treat user data as untrusted.
  • Capability inventory: The skill is granted Bash, Write, and Edit tools, allowing for system-level changes and command execution.
  • Sanitization: Absent. There is no logic provided to validate or escape inputs before they are used in the generation process.
  • [Command Execution] (HIGH): The inclusion of the Bash tool in allowed-tools represents a significant security risk when paired with generative tasks. Without strict constraints, the agent may be coerced into executing destructive shell commands hidden within a module generation request.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:27 PM