Skills
skills/abhigyanpatwari/gitnexus/gitnexus-impact-analysis/Gen Agent Trust Hub

gitnexus-impact-analysis

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The mcp.json file configures the agent to download the gitnexus package from the public NPM registry using npx -y gitnexus@latest. This occurs every time the MCP server is initialized.
  • [REMOTE_CODE_EXECUTION]: By invoking npx, the skill executes code downloaded from a remote repository on the host system. The use of the @latest tag ensures the most recent version is used, which could lead to unexpected behavior if the package is updated or compromised.
  • [COMMAND_EXECUTION]: The skill defines a Model Context Protocol (MCP) server that runs a shell command (npx) to execute the GitNexus tool. The SKILL.md file also encourages users to run npx gitnexus analyze manually in their terminal.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because it ingests and processes untrusted data from local code repositories and execution flow maps (gitnexus://repo/{name}/processes).
  • Ingestion points: Data enters the context via gitnexus_impact results and repository execution flows.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands in the analyzed code are provided.
  • Capability inventory: The skill executes subprocesses via the defined MCP server.
  • Sanitization: There is no evidence of sanitization or filtering of the content analyzed from the target repository before it is presented to the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 11:46 AM