nx-generate
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes multiple shell commands including
nx generate,nx test,nx build, andnx lint. While standard for development, these commands execute code defined in generators (local or external) and project scripts. - EXTERNAL_DOWNLOADS (LOW): Uses
npxandnxcommands, which may trigger the download and installation of packages or plugins from the npm registry if they are not already cached locally. - DYNAMIC_EXECUTION (LOW): Employs
node -eto dynamically resolve file paths for generator configurations. This is a common development pattern but involves runtime execution of a generated string. - INDIRECT_PROMPT_INJECTION (LOW): Processes user-provided input for generator names and configuration options.
- Ingestion points: User instructions for creating or modifying code via
nx-generate. - Boundary markers: Absent. The skill relies on natural language context.
- Capability inventory: Full command execution via shell for project generation, testing, and building (SKILL.md).
- Sanitization: The skill includes a mandatory 'Pre-Execution Checklist' that requires the agent to 'Read Generator Source Code' and 'Fetch Generator Schema' before running any commands, serving as a human-in-the-loop or agent-audit safety mechanism.
Audit Metadata