nestjs-expert
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local diagnostic commands including
test,grep,find,sed, andxargsto detect the framework version and project structure. - [COMMAND_EXECUTION]: The skill instructs the agent to run project-level scripts such as
npm run build,npm run test, andnpm run test:e2eto verify architectural fixes. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the local project environment.
- Ingestion points: The agent reads configuration files (
package.json,nest-cli.json,tsconfig.json) and source code files (src/**/*.module.ts) usingfindandgrep. - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' directives are used when the agent processes file content.
- Capability inventory: The agent can execute build commands, testing suites, and Nest CLI generators (
nest generate,nest info). - Sanitization: There is no evidence of sanitization or filtering of the content read from the project files before it is passed to the LLM context.
Audit Metadata