Skills
skills/garagon/nanostack/nano-run/Gen Agent Trust Hub

nano-run

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell scripts (init-config.sh, init-stack.sh, init-project.sh) located within the user's home directory (~/.claude/skills/nanostack/bin/) to initialize the configuration and environment for the user.
  • [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection as it ingests data from local project files to determine the project type.
  • Ingestion points: Reads contents of package.json, go.mod, and requirements.txt as described in Step 2 of SKILL.md.
  • Boundary markers: None identified in the prompt instructions when reading these files.
  • Capability inventory: The skill can execute local shell scripts and invoke other capabilities like the think and feature skills.
  • Sanitization: No specific sanitization or filtering of the file contents is described before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 06:45 AM