nexus-project-setup
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential indirect prompt injection surface detected. The skill ingests untrusted data (idea title, description, and acceptance criteria) from an external source via the 'probe action show' command and interpolates it into shell commands and messages. Maliciously crafted idea content could attempt to influence the agent's behavior or cause command injection.
- Ingestion points: SKILL.md (Workflow steps 1 and 2 fetch data from an external action/idea system)
- Boundary markers: Absent. The skill uses shell quoting (double quotes) but does not provide explicit instructions to the model to ignore embedded instructions within the idea content.
- Capability inventory: The skill has capabilities to create GitHub repositories (gh repo create), create projects (probe project create), and send messages (probe message send).
- Sanitization: Absent. There is no mention of validating or escaping the idea content before it is used in command-line arguments.
Audit Metadata