Trust Assessment
nx-generate received a trust score of 65/100, placing it in the Caution category: the skill carries security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. They are Unsanitized User Input in Shell Commands (Command Injection), Excessive Permissions and Broad File System Access, Potential Data Exfiltration via Repository Context and Error Messages, and Supply Chain Risk from Unvetted Nx Plugins/Generators.
The analysis covered 4 layers: dependency_graph, static_code_analysis, manifest_analysis, and llm_behavioral_safety. The llm_behavioral_safety layer scored lowest, at 41/100.
Last analyzed on February 11, 2026 (commit f4b5c7d6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Unsanitized User Input in Shell Commands (Command Injection)** The skill explicitly instructs the agent to construct and execute shell commands (`nx generate`, `nx lint`, `nx test`, `nx build`) where parts of the command, such as `<generator-name>`, `<options>`, and `<new-project>`, are derived directly from user requests. There are no instructions for sanitizing or escaping this user-provided input before it is passed to the shell, so a malicious user can execute arbitrary commands on the host system by injecting shell metacharacters (e.g., `&&`, `||`, `;`, `$()`) into their input. *Recommendation:* implement robust validation and escaping for all user-provided values that are used in shell commands. Prefer a command execution mechanism that passes arguments as an array and does not invoke a shell, or explicitly instruct the agent to escape every user-controlled parameter (e.g., using `shlex.quote` in Python or the equivalent in the language used) before constructing and executing shell commands. | Unknown | SKILL.md:120 |
| HIGH | **Excessive Permissions and Broad File System Access** The skill instructs the agent to perform a wide range of actions, including executing `nx generate` (which can create, modify, or delete files and install dependencies) and running `nx format`, `nx lint`, `nx test`, and `nx build`. It also instructs the agent to read various files and directories within the repository (e.g., `node_modules`, `tools/generators/`, existing project artifacts) to understand context and generator source code. This grants the agent extensive read/write and execution permissions over the entire codebase without any defined scope limitations or sandboxing, which is excessive for a code generation skill and poses a significant risk if the agent is compromised. *Recommendation:* implement a more granular permission model for the agent. Restrict its filesystem access to only the necessary directories and file types, consider sandboxing the execution environment for `nx generate` and other shell commands to limit their impact, and clearly define and enforce the boundaries of what the agent is allowed to modify or execute. | Unknown | SKILL.md:120 |
| MEDIUM | **Potential Data Exfiltration via Repository Context and Error Messages** The skill instructs the agent to read various files and repository context, including generator source code from `node_modules` or local directories and `generators.json` files, and to examine existing codebase patterns (e.g., file structures, naming conventions, configurations). It also instructs the agent to "Diagnose the error" and "Read the error message carefully" during failures. While the skill does not explicitly instruct the agent to send this data to the user, its access to potentially sensitive internal repository information and detailed error messages creates a risk of inadvertent data exfiltration if that information is relayed without filtering or redaction. *Recommendation:* add explicit instructions to filter, redact, or summarize sensitive information obtained from files, repository context, or error messages before presenting it to the user. Ensure that raw file contents, detailed configuration, and verbose error messages are not exposed directly unless explicitly requested by the user and deemed safe. | Unknown | SKILL.md:63 |
| MEDIUM | **Supply Chain Risk from Unvetted Nx Plugins/Generators** The skill instructs the agent to discover and use `nx` plugins and generators, including those from `node_modules` (e.g., via `npx nx list` and by reading `generators.json` from installed plugins). There are no explicit instructions for the agent to verify the security, authenticity, or integrity of these third-party components before recommending or using them. This introduces a supply chain risk: a compromised or malicious `nx` plugin could inject vulnerabilities into the generated code or execute malicious actions within the repository. *Recommendation:* add instructions for the agent to verify the source, integrity (e.g., checksums, trusted registries), and known vulnerabilities of `nx` plugins and generators before recommending or using them. Maintain an allowlist of approved plugins, or require human approval before any new, unvetted plugin is used. | Unknown | SKILL.md:27 |
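As an added illustration of the CRITICAL finding and the supply-chain MEDIUM finding above (example code written for this page, not code from the nx-generate skill or from Nx itself), the following Node.js snippet places the unsafe string-built command the report describes next to an argv-based builder that validates generator names and option values and refuses generators from plugins outside an approved set. The plugin allowlist, the character classes accepted for names and values, and always appending `--no-interactive` are assumptions about policy; the report does not specify them.

```javascript
// Added example (not the nx-generate skill's own code): build an `nx generate`
// invocation from user-supplied values without handing them to a shell, and
// refuse generators whose plugin is not on an approved list.

// Assumed allowlist of plugins whose generators the agent may run.
const ALLOWED_PLUGINS = new Set(["@nx/js", "@nx/react", "@nx/node"]);

// Generator references have the form "<plugin>:<generator>", e.g. "@nx/react:component".
// Group 1 captures the plugin name so it can be checked against the allowlist.
const GENERATOR_RE = /^((?:@[a-z0-9][a-z0-9._-]*\/)?[a-z0-9][a-z0-9._-]*):([a-z0-9][a-z0-9._-]*)$/;
// Conservative character sets for --option=value pairs (assumed policy).
const OPTION_NAME_RE = /^[a-zA-Z][a-zA-Z0-9-]*$/;
const OPTION_VALUE_RE = /^[A-Za-z0-9@._/-]+$/;

// UNSAFE (the pattern the CRITICAL finding describes): request text is
// concatenated into one command string that a shell will parse, so `;`,
// `&&`, `$(...)` in any value become additional commands.
function buildUnsafeCommand(generator, options) {
  const flags = Object.entries(options).map(([k, v]) => `--${k}=${v}`).join(" ");
  return `npx nx generate ${generator} ${flags}`;
}

// SAFE: validate every value, then return an argv array. With no shell in
// between, metacharacters are just bytes inside a single argument.
function buildNxArgs(generator, options = {}) {
  const m = GENERATOR_RE.exec(generator);
  if (!m) throw new Error(`rejected generator name: ${JSON.stringify(generator)}`);
  const plugin = m[1];
  if (!ALLOWED_PLUGINS.has(plugin)) throw new Error(`plugin not approved: ${plugin}`);

  const args = ["generate", generator];
  for (const [name, raw] of Object.entries(options)) {
    const value = String(raw);
    if (!OPTION_NAME_RE.test(name)) throw new Error(`rejected option name: ${JSON.stringify(name)}`);
    if (!OPTION_VALUE_RE.test(value)) throw new Error(`rejected value for --${name}: ${JSON.stringify(value)}`);
    args.push(`--${name}=${value}`);
  }
  // Assumed policy: never let a generator prompt the agent interactively.
  args.push("--no-interactive");
  return args;
}

// Execute without a shell: execFileSync passes argv straight to the binary.
// child_process is required lazily so the builders above stay usable in
// environments (and tests) that never actually run nx.
function runNx(args, cwd = process.cwd()) {
  const { execFileSync } = require("node:child_process");
  return execFileSync("npx", ["nx", ...args], { cwd, stdio: "inherit" });
}

// Usage: runNx(buildNxArgs("@nx/react:component", { name: "Button", project: "web" }));
```

The difference that matters is the type of the boundary: `buildNxArgs` hands `execFileSync` an array, so a value like `Button && curl evil` either fails validation or, if the character policy were relaxed, would still arrive at nx as one literal argument rather than as a second command. The allowlist check is the cheapest form of the plugin vetting the MEDIUM finding asks for; it does not replace integrity or vulnerability checks on the installed packages.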
Full report: [SkillShield report 3fa6317cea826818](https://skillshield.io/report/3fa6317cea826818)
Powered by SkillShield