The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The 'mcp.json' configuration automatically downloads and executes the 'gitnexus' package from the public NPM registry using 'npx -y gitnexus@latest mcp'. This execution of unvetted, unversioned code from an external source occurs during the initialization of the MCP server.
[EXTERNAL_DOWNLOADS]: Commands described in 'SKILL.md', such as 'analyze', 'status', and 'clean', utilize 'npx' to fetch and run the 'gitnexus' tool from an external package registry at runtime.
[DATA_EXFILTRATION]: The 'wiki' command features a '--gist' flag that publishes generated repository documentation to a public GitHub Gist. This creates a risk of exposing sensitive codebase logic, architecture, or metadata to the public web.
[COMMAND_EXECUTION]: The skill facilitates the execution of shell commands through 'npx' that perform intrusive operations, including file system modifications (creating '.gitnexus/' directories) and deleting files via the 'clean' command.
[PROMPT_INJECTION]: The skill processes untrusted local source files to build a knowledge graph, presenting a surface for indirect prompt injection. \n
Ingestion points: Local repository source files analyzed by the 'analyze' command. \n
Boundary markers: Absent; instructions do not specify any delimiters to separate code content from instructions. \n
Capability inventory: File system writes, network access (for LLM and GitHub Gist APIs), and subprocess execution. \n
Sanitization: Absent; the tool is described as parsing all source files without validation or filtering of malicious patterns in comments or strings.

gitnexus-cli