gitnexus-refactoring
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The mcp.json file configures the agent to download the gitnexus package from the npm registry using npx.
- [REMOTE_CODE_EXECUTION]: The command npx -y gitnexus@latest mcp executes code from an unvetted external source at runtime; the use of @latest avoids version pinning, making the skill's behavior dependent on the current state of the remote repository.
- [COMMAND_EXECUTION]: The gitnexus_rename tool allows the agent to perform automated, multi-file writes and modifications to the local filesystem.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted codebase data.
  - Ingestion points: local code is read via gitnexus_query and gitnexus_context in SKILL.md.
  - Boundary markers: None are defined to separate code data from instructions.
  - Capability inventory: gitnexus_rename provides file-write access.
  - Sanitization: There is no validation or sanitization of the analyzed code content before it is processed by the agent.
Audit Metadata