Trust Assessment
nx-ci-monitor received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are Command Injection via untrusted taskId in subagent execution and Prompt Injection in subagent prompt construction.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit f4b5c7d6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via untrusted taskId in subagent execution.** The skill explicitly instructs a 'general' subagent to run commands of the form `<pm> nx run <taskId>`, where `<taskId>` is derived from external CI system output (`failedTaskIds`, `verifiedTaskIds`). If an attacker can control the content of these task IDs (e.g., by crafting a malicious CI pipeline or task name), they could inject arbitrary shell commands into the subagent's execution context. For example, a `taskId` like `foo; rm -rf /` would lead to `pnpm nx run foo; rm -rf /` if not properly sanitized. Implement strict sanitization and validation for `<taskId>` before it is used in shell commands. Ensure that `taskId` only contains allowed characters (e.g., alphanumeric, hyphens, colons) and does not contain shell metacharacters. Consider using a tool that executes `nx run` directly without shell interpretation if possible, or pass `taskId` as a distinct argument to a tool that handles command construction safely. | Unknown | SKILL.md:100 |
| HIGH | **Prompt Injection in subagent prompt construction.** The skill constructs prompts for the `ci-watcher` subagent using variables such as `<branch>`, `<expected_commit_sha>`, and `<last_cipe_url>`. These variables are derived from external input or local repository state, which could potentially be controlled or influenced by an attacker. If these variables are not properly sanitized or escaped before being interpolated into the subagent's prompt, a malicious string could inject new instructions or override existing ones for the `ci-watcher` subagent. For example, if `<branch>` contains prompt injection directives, the subagent's behavior could be altered. Implement robust sanitization and escaping for all variables interpolated into subagent prompts. Specifically, ensure that `<branch>`, `<expected_commit_sha>`, and `<last_cipe_url>` are treated as literal strings and cannot introduce new instructions or modify the subagent's behavior. Consider using structured data formats for inter-agent communication instead of raw string interpolation for critical parameters. | Unknown | SKILL.md:200 |