nestjs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
  1. Ingestion points: Untrusted data enters the agent context via memoryStore.getSkillMemory, memoryStore.getByProject, and contextProvider.getDomainIndex as described in SKILL.md (Steps 2 and 3).
  2. Boundary markers: Absent. The skill instructions do not define delimiters or specific 'ignore embedded instructions' warnings for the ingested memory data.
  3. Capability inventory: The skill has the capability to write files to the /claudedocs/ directory and perform persistent state updates via memoryStore.update (SKILL.md, Step 6).
  4. Sanitization: Absent. No explicit sanitization, escaping, or validation of the retrieved memory/context data is defined before it is processed by the agent.
- [NO_CODE] (SAFE): The skill consists entirely of natural language instructions and examples. It does not include any executable scripts (Python, Node.js), binaries, or automated shell command operations.