build-nitro-modules

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates a potential indirect prompt injection vulnerability by instructing the agent to use unsanitized user input (library names) directly in shell commands such as npx nitrogen@latest init <name>.
    • Ingestion points: User input for library name collected in SKILL.md and setup-monorepo-init.md.
    • Boundary markers: None specified to delimit user input from instructions.
    • Capability inventory: Execution of shell commands via npx, bun, mv, and rm as described in SKILL.md and setup-monorepo-init.md.
    • Sanitization: The instructions do not include steps to validate or sanitize the user-provided string against shell metacharacters.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes standard package managers to fetch and execute development tools and dependencies from well-known sources.
    • Evidence: References to npx nitrogen, npx @react-native-community/cli, and bun add throughout the skill documentation for scaffolding and dependency management.
  • [COMMAND_EXECUTION]: The skill involves the execution of various shell commands to manage the filesystem and build processes.
    • Evidence: Documented use of mv, rm, npx, and bun for project setup, code generation, and running example applications.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 04:51 PM