nyolo-write-rule
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the 'nyolo' package, which is downloaded via 'npx' from the official npm registry. This is a standard way to run the tool's CLI.
- [COMMAND_EXECUTION]: The skill recommends running 'npx nyolo test' and 'npx nyolo rules'. These commands are used to verify and list the security rules being created.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by converting user-provided intent into rule logic.
  - Ingestion points: User input is gathered in Step 1 and used to populate configuration files.
  - Boundary markers: None present in the prompt templates.
  - Capability inventory: Uses 'Write' tool to create files and 'npx' via bash to execute verification.
  - Sanitization: No explicit sanitization of user-provided patterns or reasons is mentioned.
- [REMOTE_CODE_EXECUTION]: The skill supports generating JavaScript callback functions within configuration files. This functionality is intended for advanced users to implement custom security logic within the nyolo framework.