nx-import
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various workspace management commands including `nx import`, `pnpm install`, `npm install`, and `npx nx add`. These are standard tool commands for the described task and are used to manage project dependencies and configurations.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and merger of code from external repositories provided by the user via the `nx import` command. This is an expected behavior for a migration tool but involves interacting with remote content.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests data from external source repositories which are then integrated into the local workspace and analyzed by the agent.
  - Ingestion points: SKILL.md describes importing code from a source repository or folder into the current workspace using the `nx import` command.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded prompts in the imported code were found in the provided files.
  - Capability inventory: The skill utilizes subprocess calls (`nx`, `pnpm`, `npm`, `npx`) and performs extensive file system operations, including reading, writing, and deleting configuration files (`package.json`, `nx.json`, `tsconfig.json`, `pnpm-workspace.yaml`) across all included reference files.
  - Sanitization: No specific sanitization or validation mechanisms for the imported content are described; the skill relies on manual intervention and configuration 'fixes' to resolve architectural issues.
Audit Metadata