nx-run-tasks

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE COMMAND_EXECUTION NO_CODE
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill directs the agent to execute arbitrary shell commands through the Nx CLI (e.g., nx run, nx run-many). This grants the agent the ability to execute any script defined within the project's configuration files.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill prompts the agent to ingest data from untrusted local files such as package.json and project.json to determine executable tasks. An attacker could craft a malicious repository with instructions embedded in these files to hijack the agent's execution flow. Mandatory Evidence Chain:
      1. Ingestion points: package.json, project.json, and the output of 'nx show project'.
      2. Boundary markers: Absent.
      3. Capability inventory: Execution of local shell commands via the Nx CLI.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:57 PM