gitnexus-exploring
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to download the 'gitnexus' package from the npm registry at runtime using the 'npx -y' command within the MCP server configuration.
- [REMOTE_CODE_EXECUTION]: The 'mcp.json' file defines an MCP server that executes the 'gitnexus' package directly from the npm registry, which constitutes remote code execution of a third-party dependency.
- [COMMAND_EXECUTION]: The 'SKILL.md' file instructs the user to run 'npx gitnexus analyze' in the terminal to update stale indexes, which involves executing code downloaded from a remote repository.
- [PROMPT_INJECTION]: The skill processes data from external codebases through resources like 'gitnexus://repo/{name}/context' and tools like 'gitnexus_query'. This creates a surface for indirect prompt injection if the analyzed repository contains malicious instructions designed to influence the agent's behavior.
- Ingestion points: Data enters the agent via 'gitnexus://' resource URIs and tool outputs from 'gitnexus_query' and 'gitnexus_context' (SKILL.md).
- Boundary markers: No specific delimiters or safety instructions are provided to the agent to ignore instructions embedded within the codebase data.
- Capability inventory: The skill possesses the capability to execute shell commands via 'npx' as defined in 'mcp.json'.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the repositories before it is presented to the agent.
Audit Metadata