skills/terrylica/cc-skills/impact/Gen Agent Trust Hub

impact

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the gitnexus CLI and standard git commands via the Bash tool to resolve repository paths and perform symbol impact analysis.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to run the gitnexus tool, which may result in downloading the package from the public npm registry if it is not already available in the environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it interpolates user-provided symbol names, UIDs, and file paths into bash command templates.
      • Ingestion points: <symbol>, <full-uid>, and <file-path> placeholders within SKILL.md.
      • Boundary markers: The instructions wrap user inputs in double quotes within the shell commands.
      • Capability inventory: Use of the Bash tool for command execution.
      • Sanitization: The skill relies on basic shell quoting without explicit input validation or sanitization logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 10:35 AM