nango-function-builder
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Employs basic shell commands (ls, pwd) solely for environment discovery and validation, ensuring the agent operates within a valid Nango project root and identifies the correct project format.
- [SAFE]: Enforces a restrictive runtime environment by explicitly prohibiting arbitrary third-party package imports in generated functions, limiting dependencies to a safe, pre-approved list (zod, crypto, url).
- [EXTERNAL_DOWNLOADS]: Utilizes standard developer tooling (npx nango, npm test) for validation and testing workflows. These are well-known services used as intended for the development of Nango integrations.
- [SAFE]: Implements mandatory schema validation using Zod for both input parameters and external API responses, which serves as a robust defense against indirect prompt injection and malformed data from external sources.
- [PROMPT_INJECTION]: Contains no evidence of malicious instruction overrides or safety bypass attempts. The 'Non-Negotiable Rules' and 'Stop' instructions are legitimate operational constraints designed to ensure functional correctness.
Audit Metadata