nats-design-subject
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include a section for testing designs that utilizes the Shell tool. It provides templates for commands like nats pub and nats sub which incorporate subject names. If the agent populates these names using unsanitized user input, it may lead to the execution of unintended commands.\n- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8).\n
- Ingestion points: Untrusted data enters the agent via the AskUserQuestion tool when the user provides domain, region, and tenant information.\n
- Boundary markers: No delimiters or ignore instructions are present to protect the prompt from instructions embedded in user input.\n
- Capability inventory: The agent has access to Shell, Write, and Read tools.\n
- Sanitization: No input validation or sanitization is performed on the user-provided architectural components before they are used in commands or logic.
Audit Metadata