building-nango-functions-remotely

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits the user's NANGO_SECRET_KEY and generated TypeScript source code to Nango's official service endpoints (e.g., api.nango.dev). This is the intended and necessary mechanism for authenticating and managing functions on the Nango platform.
  • [COMMAND_EXECUTION]: The workflow involves making structured HTTP POST requests to Nango's remote function endpoints to compile and deploy code, which is standard behavior for interacting with the platform's developer APIs.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes Nango's remote "dryrun" endpoint to execute and validate generated integration code in a sandboxed environment. This is a functional requirement for testing actions and syncs before deployment.
  • [PROMPT_INJECTION]: The skill processes user-supplied API documentation URLs and sample response data to inform its code generation, which represents an indirect prompt injection surface.
  • Ingestion points: External API reference URLs and sample JSON response payloads provided by the user (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: Includes network operations via the Nango SDK and platform-specific remote execution APIs.
  • Sanitization: External documentation is utilized to guide code generation without explicit pre-processing or validation of the content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 03:47 PM
Security Audit — agent-trust-hub — building-nango-functions-remotely