gitnexus-cli

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The mcp.json file configures the agent to run npx -y gitnexus@latest mcp. This command fetches and executes the latest version of the gitnexus package from the npm registry at runtime without version pinning or integrity checks, which could lead to the execution of malicious code if the package or registry is compromised.
  • [CREDENTIALS_UNSAFE]: The documentation for the wiki command states that an LLM API key is required and will be saved to ~/.gitnexus/config.json on first use. Storing credentials in plaintext in a local configuration file exposes them to other local processes and users.
  • [DATA_EXFILTRATION]: The wiki command includes a --gist flag which allows the agent to publish generated repository documentation as a public GitHub Gist. This could result in the unintentional exposure of sensitive internal logic, architectural details, or proprietary information contained within the analyzed codebase.
  • [COMMAND_EXECUTION]: The skill defines several tools that execute shell commands via npx, including analyze, status, clean, and list. These commands perform broad filesystem operations such as deleting directories (.gitnexus/) and writing context files (CLAUDE.md, AGENTS.md).
  • [EXTERNAL_DOWNLOADS]: The MCP server is initialized by downloading the gitnexus package from the npm registry during every startup, creating a dependency on an external, third-party source.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its repository analysis feature.
    • Ingestion points: Local source code files parsed by the analyze command in SKILL.md.
    • Boundary markers: None identified for the resulting knowledge graph or the generated CLAUDE.md and AGENTS.md context files.
    • Capability inventory: The generated context files are explicitly intended to be read by the agent to guide subsequent tasks like debugging and refactoring.
    • Sanitization: There is no indication that the skill filters or sanitizes instructions that might be maliciously embedded in source code comments or strings.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 01:57 AM