Skills
skills/shunsukehayashi/miyabi-claude-plugins/gitnexus-refactoring/Gen Agent Trust Hub

gitnexus-refactoring

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted codebase content (source code and symbol names) to determine refactoring actions.
  • Ingestion points: Reads codebase structure and references through tools like gitnexus_query and gitnexus_context (SKILL.md).
  • Boundary markers: No delimiters or instructions to ignore instructions embedded within the code are present.
  • Capability inventory: The skill can execute file-system writes across multiple files via gitnexus_rename (SKILL.md).
  • Sanitization: No sanitization or validation of the ingested code content is documented before it influences the agent's plan.
  • [COMMAND_EXECUTION]: The skill instructs the user to execute the command npx gitnexus analyze to refresh the code index when it becomes stale.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the npx package runner to download and execute the gitnexus utility, which is the core engine for the refactoring operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 12:31 AM