gitnexus-impact-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill mentions the manual execution of
npx gitnexus analyzein the user's terminal to update analysis data. This pattern involves downloading and executing thegitnexustool from the public npm registry, which is a standard procedure for this type of development utility. - [PROMPT_INJECTION]: The skill processes external data derived from code analysis, creating a surface for indirect prompt injection.
- Ingestion points: Data enters the context via the
gitnexus_impactandgitnexus_detect_changestools, as well as thegitnexus://URI scheme used for reading process metadata. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the analysis workflow.
- Capability inventory: The skill uses tools to lookup symbols, map dependencies, and analyze git diffs to calculate risk levels.
- Sanitization: No explicit sanitization or validation of the structured analysis data is described in the skill instructions.
Audit Metadata