gitnexus-cli

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill functions by executing shell commands through npx, allowing the agent to analyze repositories, check status, and generate wikis.\n- [EXTERNAL_DOWNLOADS]: The mcp.json file configures the environment to download and run the latest gitnexus package from the NPM registry using npx -y gitnexus@latest.\n- [DATA_EXFILTRATION]: The wiki command features a --gist flag that allows the agent to publish generated documentation to a public GitHub Gist, which could lead to unintended disclosure of codebase structure or logic.\n- [DATA_EXFILTRATION]: The tool accesses and manages sensitive configuration files in the user's home directory (~/.gitnexus/config.json and ~/.gitnexus/registry.json), which may store API keys and repository paths.\n- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it parses all source files in a repository to build a knowledge graph.\n
  • Ingestion points: Source files processed during npx gitnexus analyze as described in SKILL.md.\n
  • Boundary markers: Absent; there are no specified delimiters or instructions for the agent to ignore directives embedded within the processed code.\n
  • Capability inventory: The agent can execute shell commands and modify the local filesystem based on output from the tool.\n
  • Sanitization: No sanitization of ingested code content is documented before it is used for indexing or LLM-based documentation generation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:15 AM
Security Audit — agent-trust-hub — gitnexus-cli