nexus-mapper
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (`extract_ast.py`, `git_detective.py`, and `query_graph.py`) and the system `git` binary to analyze the target repository. Technical review of the Python source code confirms that these commands are executed using `subprocess.run` with list-based arguments, which is a secure method that prevents shell injection attacks.
- [PROMPT_INJECTION]: The skill contains a 'Persistent Instructions' section that directs the agent to store operational rules in shared memory files such as `AGENTS.md` or `CLAUDE.md`. While this modifies the agent's long-term behavior guidelines, it is a transparently documented feature intended for session continuity and does not attempt to bypass core safety or ethical constraints.
- [DATA_EXFILTRATION]: Although the skill processes local codebase data, it does not include any network-capable modules or external transmission logic. The analysis scripts output data to the local file system (`.nexus-map/`) or to the standard output for the agent's internal use. Furthermore, the skill's instructions explicitly caution against copying sensitive information like environment variables or secrets.
Audit Metadata