gitnexus-cli
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to run
npx gitnexus, which fetches and executes code from the npm registry at runtime. - [COMMAND_EXECUTION]: The skill utilizes shell command execution for all its primary functions, such as
npx gitnexus analyze,status, andwiki, which execute the downloaded package's logic on the local system. - [DATA_EXFILTRATION]: The
wikicommand includes a--gistflag that allows publishing repository documentation to a public GitHub Gist. This poses a risk of exposing proprietary information or sensitive codebase structures to the public internet. - [CREDENTIALS_UNSAFE]: The skill documents that LLM API keys are saved to
~/.gitnexus/config.json. This identifies a specific location for sensitive credentials that could be targeted for exposure. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during the repository analysis phase.
- Ingestion points: The
analyzecommand parses all source files in the project root to build a knowledge graph. - Boundary markers: No boundary markers or instructions to ignore embedded instructions in source files are present.
- Capability inventory: The skill can execute shell commands via
npxand potentially perform network operations via thewikitool's LLM integration and Gist publishing. - Sanitization: There is no evidence of sanitization or validation performed on the source code content before it is processed into the knowledge graph.
Audit Metadata