gitnexus-exploring
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions suggest running
npx gitnexus analyzein the terminal to resolve staleness in the knowledge graph index. - [EXTERNAL_DOWNLOADS]: The suggested
npxcommand downloads and executes thegitnexuspackage from the public npm registry. - [PROMPT_INJECTION]: The skill facilitates the ingestion and analysis of external repository data, creating an indirect prompt injection attack surface. Malicious instructions hidden in source code or documentation could attempt to influence agent behavior.
- Ingestion points: Repository source files and symbol metadata accessed through
gitnexus://resources. - Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore embedded commands within the analyzed code.
- Capability inventory: Terminal access for indexing and specialized tools for querying symbols and execution flows.
- Sanitization: Not specified in the provided instructions.
Audit Metadata