gitnexus-impact-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user or agent to run npx gitnexus analyze in the terminal to refresh the analysis data when the index becomes stale.
  • [EXTERNAL_DOWNLOADS]: The use of npx involves downloading the gitnexus package from the public npm registry.
  • [REMOTE_CODE_EXECUTION]: Executing the npx gitnexus analyze command downloads and runs code from a remote package registry.
  • [PROMPT_INJECTION]: The skill analyzes external content from the repository, including symbols and process flows, which represents an indirect prompt injection surface.
  • Ingestion points: Untrusted data is ingested from the repository through gitnexus_detect_changes and symbol mapping tools.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the ingested content.
  • Capability inventory: The skill identifies symbol blast radii and affected execution paths across the project.
  • Sanitization: The skill does not perform sanitization or validation of the repository data before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 12:31 AM