nx-run-tasks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exhibits an indirect prompt injection surface by consuming external workspace data to drive command execution.
- Ingestion points: The agent is instructed to read
package.json,project.json, and lockfiles from the workspace environment (SKILL.md). - Boundary markers: Absent. There are no instructions to the agent to ignore embedded instructions or validate the integrity of the configuration files before execution.
- Capability inventory: The agent has the capability to execute arbitrary workspace tasks via
nx,npx,pnpx, oryarn(SKILL.md). - Sanitization: Absent. The skill does not provide methods for escaping or sanitizing the 'project' or 'task' strings derived from external files before interpolation into shell commands.
- [Command Execution] (LOW): The skill's primary function is to execute shell commands within the user's environment. While legitimate for a task runner, this capability can be abused if the agent is influenced by malicious instructions in the workspace files it reads.
Audit Metadata