nx-monorepo

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The scripts scripts/nx-docs.sh and scripts/nx-plugins.sh execute npx -y nx-mcp@latest. This pattern downloads and executes code from the public npm registry every time the tool is invoked without version pinning or integrity checks. This allows an attacker who gains control of the npm package to execute arbitrary code on the host system.
  • COMMAND_EXECUTION (MEDIUM): In scripts/nx-docs.sh, the $QUERY variable is interpolated directly into a JSON string passed as a command-line argument: -p "{\"userQuery\": \"$QUERY\"}". A crafted query containing escaped double quotes or other shell-sensitive characters could lead to JSON malformation or shell injection, depending on how mcp-client.py (which is referenced but not provided) handles arguments.
  • INDIRECT_PROMPT_INJECTION (MEDIUM):
      • Ingestion points: The skill ingests untrusted data through nx-docs.sh (user queries and external docs) and by reading project configuration files (project.json, nx.json).
      • Boundary markers: None identified in the provided scripts or prompts.
      • Capability inventory: The skill has significant execution capabilities, including nx build, nx test, nx run-many, and nx g (code generation), which can execute arbitrary shell commands defined in workspace configurations.
      • Sanitization: There is no evidence of sanitization for the data retrieved from the nx-mcp documentation tool before it is processed by the agent.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill encourages connecting to 'Nx Cloud' via npx nx connect, which involves sending workspace metadata and build artifacts to a remote service. While a standard feature of Nx, users should be aware of the data exposure implications.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:17 AM