gitnexus-cli

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx -y gitnexus@latest within the MCP configuration to download and execute code from the npm registry. Since the package is from an unverified third-party source and uses the @latest tag, it executes arbitrary remote code without version pinning or integrity checks.
  • [DATA_EXFILTRATION]: The wiki command includes a --gist flag that publishes generated repository documentation to a public GitHub Gist. This functionality creates a risk of accidental data exposure if internal code structures, logic, or sensitive information are included in the generated wiki.
  • [CREDENTIALS_UNSAFE]: The skill is designed to store LLM API keys in a predictable local configuration file at ~/.gitnexus/config.json. Storing sensitive tokens in plaintext at a fixed location makes them susceptible to harvesting by other malicious scripts or skills.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands that interact with the local filesystem, such as building indexes, cleaning directories, and listing registered repositories.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it indexes entire source code repositories to build a knowledge graph.
      • Ingestion points: Local source files parsed by the npx gitnexus analyze command into the .gitnexus/ directory.
      • Boundary markers: None; there are no instructions for the agent to ignore or isolate potential commands embedded within the indexed codebase.
      • Capability inventory: The agent can execute shell commands, perform filesystem operations, and make network requests (via the wiki generation and Gist publishing features).
      • Sanitization: The skill lacks mechanisms to sanitize content indexed from the repository before it is processed by the agent or the LLM.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 15, 2026, 03:45 AM