nx-ci-monitor
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is instructed to read
nx.jsonat the workspace root to verify the presence ofnxCloudIdornxCloudAccessTokenfor authentication. - [EXTERNAL_DOWNLOADS]: The skill performs remote operations including:
- Executing package manager installation commands (
pnpm install,yarn install,npm install) to resolve lockfile issues. - Using
nx apply-locally <shortLink>to fetch and apply patches from the Nx Cloud service. - [REMOTE_CODE_EXECUTION]: Applying remote patches via
nx apply-locallymodifies the local source code, which is then executed vianx run <taskId>or committed and pushed to CI. - [COMMAND_EXECUTION]: The skill has extensive command-line capabilities including:
- Git operations:
git branch,git status,git commit, andgit pushto the remote repository. - Task execution: Running arbitrary Nx tasks using
<pm> nx run <taskId>. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its processing of external data:
- Ingestion points: Data enters the agent context via the
ci-watchersubagent, specifically throughtaskOutputSummary,suggestedFixReasoning, andfailedTaskIdswhich are derived from external CI logs. - Boundary markers: No explicit delimiters or boundary markers are defined to isolate untrusted CI output from the agent's core logic.
- Capability inventory: The agent possesses high-impact capabilities including
git push,pnpm/npm/yarn install, andnx run(subprocess execution). - Sanitization: There is no evidence of sanitization or filtering of the CI logs before they are analyzed for code generation or enhancement.
Audit Metadata