nx-workspace
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill reads and processes untrusted data from 'nx.json', 'project.json', and source code files. Malicious instructions embedded in these files can influence the agent's behavior as it lacks boundaries for untrusted data.\n
- Ingestion points: Workspace configuration files ('nx.json', 'project.json') and source code (via grep).\n
- Boundary markers: Absent. There are no instructions or delimiters to isolate untrusted file content from the agent's internal logic.\n
- Capability inventory: Command execution via 'nx', 'jq', 'grep', 'cat', and 'git'.\n
- Sanitization: Absent.\n- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute shell commands and specifically suggests using 'npx', 'pnpx', or 'yarn'. In an untrusted workspace environment, these tools can be exploited to run malicious code through lifecycle scripts or local package definitions.
Recommendations
- AI detected serious security threats
Audit Metadata