gitnexus-exploring

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent or user to execute npx gitnexus analyze in the terminal to update stale codebase indices, which runs code on the local environment.
  • [EXTERNAL_DOWNLOADS]: The command npx gitnexus analyze fetches the gitnexus package from the public npm registry. The skill does not pin the package version or verify its integrity before execution.
  • [PROMPT_INJECTION]: The skill ingests codebase metadata and execution flows from the GitNexus knowledge graph, creating a vulnerability to indirect prompt injection if the analyzed codebase contains malicious content.
  • Ingestion points: Codebase stats, functional area descriptions, and execution traces are loaded via the gitnexus:// resource scheme.
  • Boundary markers: No explicit markers or 'ignore' instructions are provided to delimit the ingested data from the agent's core instructions.
  • Capability inventory: The skill includes tools to query the knowledge graph and instructions to read source files (e.g., Read src/payments/processor.ts).
  • Sanitization: The skill does not define any sanitization or filtering logic for the data retrieved from the codebase knowledge graph.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 05:21 PM
Security Audit — agent-trust-hub — gitnexus-exploring