nexus
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The
skill-from-codebasefunctionality is susceptible to indirect prompt injection because it derives instructions for the AI agent directly from scanning the repository codebase and git history. - Ingestion points: Scans the full repository and processes git history from
last_generated_commit..HEADas specified inskill-from-codebase/SKILL.md. - Boundary markers: No specific markers or delimiters are defined to isolate data-derived content from instruction-based content in the generated
SKILL.md. - Capability inventory: The skill performs file system writes at the repository root and executes shell-based git commands.
- Sanitization: While it utilizes a 'Validator Subagent' for quality gates like broken links, there is no explicit sanitization logic to detect or neutralize malicious instructions embedded in the scanned source code.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands to perform repository analysis.
- Evidence:
skill-from-codebase/SKILL.mdmandates the use ofgit status --porcelainandgit diffto determine impact analysis and gate the documentation refresh process.
Audit Metadata