gitnexus-exploring

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions suggest running npx gitnexus analyze in the terminal to resolve staleness in the knowledge graph index.
  • [EXTERNAL_DOWNLOADS]: The suggested npx command downloads and executes the gitnexus package from the public npm registry.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion and analysis of external repository data, creating an indirect prompt injection attack surface. Malicious instructions hidden in source code or documentation could attempt to influence agent behavior.
  • Ingestion points: Repository source files and symbol metadata accessed through gitnexus:// resources.
  • Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore embedded commands within the analyzed code.
  • Capability inventory: Terminal access for indexing and specialized tools for querying symbols and execution flows.
  • Sanitization: Not specified in the provided instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 10:57 PM
Security Audit — agent-trust-hub — gitnexus-exploring