gitnexus-exploring

Warn

Audited by Snyk on Jun 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Steps 1–5 read gitnexus://repos, gitnexus://repo/{name}/context, gitnexus_query, gitnexus_context, and gitnexus://repo/{name}/process/{name}, which are derived from the contents of git repositories (i.e., code/text authored by outsiders) that the LLM ingests as readable prose during the codebase exploration workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime READs from gitnexus:// URLs (e.g., gitnexus://repos, gitnexus://repo/{name}/context, gitnexus://repo/{name}/process/{name}) whose fetched content is injected into the agent context and used to drive prompts/analysis, making them required external dependencies that control the agent's behavior.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 10:57 PM
Issues
2
Security Audit — snyk — gitnexus-exploring