Nexus
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a robust orchestrator that prioritizes safety through a multi-tier guardrail system. It explicitly requires human confirmation for all L4 security triggers, destructive actions, and significant file modifications, even when operating in autonomous modes.
- [COMMAND_EXECUTION]: The skill utilizes local Git commands, such as `git status --porcelain` and `git log --oneline`, to assess project health and context. These commands are static, informational in nature, and limited to project metadata retrieval.
- [PROMPT_INJECTION]: The skill processes untrusted data from user requests and outputs from specialist agents, which inherently presents an indirect prompt injection surface. This is successfully mitigated through the following measures:
  - Ingestion points: User task requests in `SKILL.md`, inter-agent communications via `references/handoff-validation.md`, and project state scans in `references/proactive-mode.md`.
  - Boundary markers: Mandatory enforcement of structured `NEXUS_HANDOFF_V2` schemas for all agent-to-agent and agent-to-hub communications to prevent payload confusion.
  - Capability inventory: Task decomposition, delegation to specialists, and project metadata retrieval via Git.
  - Sanitization: Continuous L1-L4 guardrail monitoring and specific logic to identify and disregard prompt injection markers (e.g., 'Ignore previous instructions').
Audit Metadata