nestjs-health-audit
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes the NVM (Node Version Manager) installation script from the official GitHub repository (nvm-sh/nvm) to ensure the correct Node.js environment is configured.
- [COMMAND_EXECUTION]: The audit process involves executing package manager commands (npm, yarn, or pnpm install) and running test suites (test:cov) on the project being audited to verify setup and generate coverage metrics.
- [COMMAND_EXECUTION]: The environment setup and modular execution plan utilize shell commands such as rm, mkdir, find, and wc to manage project files, delete build artifacts, and calculate line counts for architectural analysis.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests large amounts of untrusted source code and configuration data from the audited repository.
- Ingestion points: File reads across all modules, including controllers, services, and CI/CD YAML configurations (referenced in SKILL.md Steps 1-8).
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the analyzed project files.
- Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, and Agent (defined in SKILL.md).
- Sanitization: Content from the repository is processed without explicit sanitization or validation before being incorporated into the agent's context.
Audit Metadata