nano
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local utility scripts located at ~/.claude/skills/nanostack/bin/ (specifically find-artifact.sh, find-solution.sh, and save-artifact.sh) to retrieve planning context and persist state.
- [EXTERNAL_DOWNLOADS]: The skill provides documentation and instructions for using established development tools and libraries from well-known providers (e.g., Clerk, Vercel, Supabase, Stripe) via standard package managers like npx. These references are informative and target official services.
- [PROMPT_INJECTION]: The skill processes potentially untrusted data from project files (e.g., package.json, .nanostack/stack.json) and outputs from previous agent steps to define the implementation scope.
- Ingestion points: Project artifacts retrieved via find-artifact.sh, historical solutions from find-solution.sh, and local configuration files such as stack.json.
- Boundary markers: There are no explicit instructions to use delimiters or 'ignore instructions' markers when reading data from external files or script outputs.
- Capability inventory: The skill can execute local shell scripts and orchestrate the invocation of other automated skills (review, security, qa, ship) using the Skill tool.
- Sanitization: The skill does not define specific validation or sanitization procedures for the content of the files it ingests.
Audit Metadata