gitnexus-exploring
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local script file at
.gitnexus/run.cjsif the index is stale. Executing code from a hidden project directory is a security risk as the script's behavior is opaque and not verified within the skill's instructions.- [PROMPT_INJECTION]: The skill is designed to read and analyze codebase content which acts as untrusted external data, creating a surface for Indirect Prompt Injection attacks.\n - Ingestion points: Local source files and resources accessed via the
gitnexus://protocol (e.g.,gitnexus://repo/{name}/process/{name}).\n - Boundary markers: The skill does not define delimiters or provide instructions to the agent to ignore potentially malicious content embedded in the codebase.\n
- Capability inventory: The skill possesses the capability to execute terminal commands (
node) and perform deep-dive reads into project symbols and file contents.\n - Sanitization: No sanitization or validation mechanisms are mentioned for the content retrieved from the indexed repositories.
Audit Metadata