gitnexus-cli
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill functions by executing shell commands through
npx, allowing the agent to analyze repositories, check status, and generate wikis.\n- [EXTERNAL_DOWNLOADS]: Themcp.jsonfile configures the environment to download and run the latestgitnexuspackage from the NPM registry usingnpx -y gitnexus@latest.\n- [DATA_EXFILTRATION]: Thewikicommand features a--gistflag that allows the agent to publish generated documentation to a public GitHub Gist, which could lead to unintended disclosure of codebase structure or logic.\n- [DATA_EXFILTRATION]: The tool accesses and manages sensitive configuration files in the user's home directory (~/.gitnexus/config.jsonand~/.gitnexus/registry.json), which may store API keys and repository paths.\n- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it parses all source files in a repository to build a knowledge graph.\n - Ingestion points: Source files processed during
npx gitnexus analyzeas described inSKILL.md.\n - Boundary markers: Absent; there are no specified delimiters or instructions for the agent to ignore directives embedded within the processed code.\n
- Capability inventory: The agent can execute shell commands and modify the local filesystem based on output from the tool.\n
- Sanitization: No sanitization of ingested code content is documented before it is used for indexing or LLM-based documentation generation.
Audit Metadata