Skills
skills/abhigyanpatwari/gitnexus/gitnexus-refactoring/Gen Agent Trust Hub

gitnexus-refactoring

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The mcp.json file configures the agent to download the gitnexus package from the npm registry at runtime using npx.
  • [REMOTE_CODE_EXECUTION]: The skill executes external code by running npx -y gitnexus@latest mcp, which fetches and runs the most recent version of the package without a fixed version pin.
  • [COMMAND_EXECUTION]: The gitnexus_rename tool provides functionality for automated modification of multiple files in the local filesystem, allowing the agent to perform broad changes to the project.
  • [COMMAND_EXECUTION]: Instructions in SKILL.md suggest that the user run npx gitnexus analyze in their terminal, which executes an external binary on the host system.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes codebase content (untrusted data) and uses it to generate file modification plans.
  • Ingestion points: Codebase analysis tools like gitnexus_impact, gitnexus_query, and gitnexus_context read source code from the local environment into the agent context.
  • Boundary markers: No explicit markers or instructions to ignore embedded commands in the processed code are present.
  • Capability inventory: The skill possesses file-write capabilities through gitnexus_rename and provides terminal execution instructions.
  • Sanitization: There is no evidence of sanitization or validation of the content read from the codebase before it influences the agent's actions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 24, 2026, 11:28 AM