gitnexus-cli

Warn

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx gitnexus to fetch and execute code from the npm registry, creating a dependency on an external third-party package that is not maintained by a recognized trusted organization.
  • [COMMAND_EXECUTION]: Several CLI commands are provided for repository management, including analyze, status, and clean, which perform local file system operations.
  • [DATA_EXFILTRATION]: The wiki command provides a --gist flag that publishes repository documentation to a public GitHub Gist, potentially exposing internal code logic, project metadata, or sensitive summaries.
  • [CREDENTIALS_UNSAFE]: The skill manages LLM API keys by storing them locally in ~/.gitnexus/config.json and suggests the use of the OPENAI_API_KEY environment variable; both hold sensitive credentials.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 5, 2026, 12:31 AM