file-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill exhibits an Indirect Prompt Injection surface (Category 8) by processing file system data through command-line tools without explicit sanitization.\n
- Ingestion points: Local filenames and file content are ingested via
fdandripgrepoutputs.\n - Boundary markers: Documentation does not include explicit boundary markers or delimiters between tool outputs and subsequent commands.\n
- Capability inventory: The skill leverages
xargs,fd -x, andfzf --bindto execute shell commands, including file modification and git operations.\n - Sanitization: While the patterns do not use null-terminators or shell-escaping for untrusted filenames, this is identified as a best-practice observation rather than a malicious defect, as the behavior is inherent to the primary function of the documented developer utilities.
Audit Metadata