nx-workspace
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill relies on shell commands such as nx, jq, and grep. There is a potential for command injection if the agent interpolates unsanitized user input (such as project names or search patterns) into these commands.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from the workspace environment. 1. Ingestion points: configuration files (nx.json, project.json) and project source files (via grep). 2. Boundary markers: No explicit delimiters or warnings are used to distinguish ingested data from instructions. 3. Capability inventory: The skill has the ability to execute shell commands via nx, cat, jq, and grep. 4. Sanitization: No explicit sanitization or validation of the ingested content is defined.
Audit Metadata