nx-multi-repo-migrate
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The skill delegates per-repo work to Polygraph child agents (
spawn_agent), and those agents will read outsider-authored repo contents (e.g., lockfiles/package.json/source files from repos not authored by the operating user) into the LLM context during analysis/migration, which is indirect prompt-injection exposure.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill runs package-manager installs (npm/pnpm/yarn/bun) that fetch code from the npm registry (e.g. https://registry.npmjs.org/) and then runs nx migrations (executing code from those fetched packages) and also fetches repository data via git remotes (e.g. git@github.com:org/repo.git), so remote content is fetched and executed at runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly advises disabling the agent sandbox and editing agent config files (~/.polygraph/config.json, ~/.claude/settings.json) to work around pnpm sandbox/EPERM failures, which is an instruction to bypass a security mechanism and thus compromises the machine's protection; other actions (installs, git pushes) are project-scoped but the sandbox-disable advice makes this high-risk.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata