gitnexus-refactoring
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the execution of a local JavaScript file via Node.js to update the search index.
- Evidence: The workflow section contains the instruction:
node .gitnexus/run.cjs analyze. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests and processes untrusted project source code to perform automated refactoring.
- Ingestion points: The
impact(),query(),context(), andcypher()tools read code structure and content from the local workspace. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard natural language instructions that might be embedded in code comments or string literals within the processed files.
- Capability inventory: The skill has high-impact capabilities, specifically the
rename()tool which can perform multi-file edits across the repository, and the ability to trigger local script execution. - Sanitization: No sanitization or validation of the ingested code content is described before it is used to influence the agent's refactoring plan.
Audit Metadata