gitnexus-debugging
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to execute
npx gitnexus analyzein the terminal to maintain a fresh index of the codebase. - [EXTERNAL_DOWNLOADS]: The use of the
npxcommand involves downloading thegitnexuspackage from the public npm registry. This package corresponds to the skill's primary vendor functionality. - [PROMPT_INJECTION]: The skill accepts untrusted data, such as error messages and user-supplied queries, which creates a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through the
queryparameter in thegitnexus_queryandgitnexus_cyphertools. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat input data as inert or to ignore embedded instructions.
- Capability inventory: The skill's tools focus on informational retrieval of code structure, call graphs, and process flows (
gitnexus_query,gitnexus_context,gitnexus_cypher). - Sanitization: No input validation or sanitization mechanisms are described for the queries processed by the skill.
Audit Metadata