nx-generate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill constructs shell commands such as 'nx generate ' and 'node -e ...' using inputs derived directly from user requests. If these inputs contain shell metacharacters like semicolons or pipes, it could allow arbitrary command execution on the host system.
- [REMOTE_CODE_EXECUTION] (HIGH): By using 'npx' to list and run generators, the agent may download and execute arbitrary packages from the npm registry if a user provides a malicious plugin name.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection (Category 8). Evidence: (1) Ingestion points: User requests and local generator source code in 'tools/generators/' are read to determine execution steps. (2) Boundary markers: Absent. (3) Capability inventory: 'nx generate', 'node -e', 'nx test', and 'nx build' are executed based on the processed content. (4) Sanitization: No sanitization of ingested content is mentioned. A malicious repository could use local generators to hijack agent behavior during the 'Pre-Execution Checklist'.
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses 'npx' to fetch packages from npmjs.org. While this is a trusted registry, the specific packages are determined by dynamic input, which could lead to downloading untrusted code if the plugin name is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata