update-nexus
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill is designed to fetch updates from 'https://github.com/beamanalytica/Nexus-v4.git'. Because the repository is not on the trusted external sources list, and the update process modifies core system scripts and other skills, this creates a high-risk Remote Code Execution vector.
- [Command Execution] (MEDIUM): The skill executes local Python scripts using subprocess calls to perform synchronization and version management, which includes modifying files and accessing the network.
- [Indirect Prompt Injection] (LOW): The skill provides an attack surface for indirect prompt injection via the remote repository. Evidence Chain: 1. Ingestion points: Remote GitHub repository (beamanalytica/Nexus-v4). 2. Boundary markers: Absent; no validation of downloaded content before execution. 3. Capability inventory: File system writing to core directories, command execution via 'python', and network access. 4. Sanitization: Absent; the skill performs a forced sync of external data.
Recommendations
- AI detected serious security threats
Audit Metadata