gitnexus-debugging
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill mentions the command
npx gitnexus analyzeas a troubleshooting step, which involves downloading and executing thegitnexuspackage from the npm registry. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external data from the repository's source code and call graphs via the GitNexus tools. Malicious content within the analyzed repository could potentially influence the agent's context.
- Ingestion points: Data returned from
gitnexus_query,gitnexus_context, andgitnexus_cypher(specifically repository metadata and trace results). - Boundary markers: No delimiters or explicit instructions to ignore embedded content are present in the documentation.
- Capability inventory: The instructions focus on read-only operations for debugging; no dangerous capabilities like file modification or unauthorized network requests are demonstrated.
- Sanitization: No sanitization of the repository data is described.
Audit Metadata