gitnexus-debugging

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill mentions the command npx gitnexus analyze as a troubleshooting step, which involves downloading and executing the gitnexus package from the npm registry.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external data from the repository's source code and call graphs via the GitNexus tools. Malicious content within the analyzed repository could potentially influence the agent's context.
  • Ingestion points: Data returned from gitnexus_query, gitnexus_context, and gitnexus_cypher (specifically repository metadata and trace results).
  • Boundary markers: No delimiters or explicit instructions to ignore embedded content are present in the documentation.
  • Capability inventory: The instructions focus on read-only operations for debugging; no dangerous capabilities like file modification or unauthorized network requests are demonstrated.
  • Sanitization: No sanitization of the repository data is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 09:09 AM
Security Audit — agent-trust-hub — gitnexus-debugging