gitnexus-impact-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
gitnexuscommand-line tool via the Bash tool to perform impact analysis and change detection tasks.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from code repositories.\n - Ingestion points: The
gitnexustool reads symbol names, file paths, and git diffs from the local code repository (referenced in SKILL.md).\n - Boundary markers: There are no specific delimiters or instructions provided to prevent the agent from obeying instructions embedded in the tool's output.\n
- Capability inventory: The skill utilizes the Bash tool to run various
gitnexuscommands (impact, detect-changes, status, analyze), which could be influenced by malicious code contents.\n - Sanitization: No sanitization or validation of the repository data or tool output is mentioned before the agent processes and assesses the risk levels.
Audit Metadata