gitnexus-exploring

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local script file at .gitnexus/run.cjs if the index is stale. Executing code from a hidden project directory is a security risk as the script's behavior is opaque and not verified within the skill's instructions.- [PROMPT_INJECTION]: The skill is designed to read and analyze codebase content which acts as untrusted external data, creating a surface for Indirect Prompt Injection attacks.\n
  • Ingestion points: Local source files and resources accessed via the gitnexus:// protocol (e.g., gitnexus://repo/{name}/process/{name}).\n
  • Boundary markers: The skill does not define delimiters or provide instructions to the agent to ignore potentially malicious content embedded in the codebase.\n
  • Capability inventory: The skill possesses the capability to execute terminal commands (node) and perform deep-dive reads into project symbols and file contents.\n
  • Sanitization: No sanitization or validation mechanisms are mentioned for the content retrieved from the indexed repositories.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 06:16 PM
Security Audit — agent-trust-hub — gitnexus-exploring