gitnexus-guide
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation includes the command
npx gitnexus analyzeto update the codebase index. This is a manual instruction for the user to maintain the tool's data freshness. - [EXTERNAL_DOWNLOADS]: Mentions the
gitnexuspackage, which is fetched from the npm registry. This is the official vendor package for the skill. - [PROMPT_INJECTION]: The skill defines a surface for processing untrusted codebase data. 1. Ingestion points: Codebase files and graph queries via tools like
queryandcypher; 2. Boundary markers: Not mentioned; 3. Capability inventory: Command execution vianpx gitnexus analyze; 4. Sanitization: Not mentioned. This setup is typical for codebase analysis tools and does not indicate malicious intent.
Audit Metadata