Skills
skills/abhigyanpatwari/gitnexus/gitnexus-pr-review/Gen Agent Trust Hub

gitnexus-pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the processing of untrusted data.
  • Ingestion points: Pull request diffs are fetched using 'gh pr diff' in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the fetched diff content as untrusted data or to ignore instructions within it.
  • Capability inventory: The skill has the capability to execute shell commands ('gh', 'npx') and read repository state.
  • Sanitization: No sanitization or filtering is performed on the pull request content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill executes command-line tools to perform its analysis.
  • Evidence: Uses 'gh pr diff' to retrieve pull request data.
  • Evidence: Executes 'npx gitnexus analyze' to update its code index.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes the GitNexus CLI tool.
  • Evidence: Recommends running 'npx gitnexus analyze'. This is a vendor-owned resource associated with 'abhigyanpatwari' and is documented here as part of the skill's standard operation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 06:52 AM