nginx-gen
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use npx ai-nginx, which downloads and executes the ai-nginx package from the npm registry at runtime. This package originates from an external source (LXGIC Studios/ThinkfleetAI) that is not included in the pre-defined list of trusted organizations or well-known services.
- [COMMAND_EXECUTION]: The primary functionality relies on executing shell commands with arguments derived from natural language descriptions (e.g., npx ai-nginx "..."). If user-provided text contains shell metacharacters such as semicolons, pipes, or backticks, it could lead to arbitrary command execution on the host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted "plain English" descriptions into command arguments.
  - Ingestion points: User-provided descriptions are passed to the ai-nginx CLI tool via shell arguments.
  - Boundary markers: No explicit boundary markers or sanitization logic is present in the skill instructions to prevent the agent from including malicious shell commands in the execution string.
  - Capability inventory: The skill possesses the capability to execute subprocesses through the shell via npx.
  - Sanitization: There is no evidence of input validation or escaping for the shell commands.
Audit Metadata