find-replace
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Findings flagged: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute CLI utilities like sd, rg, and fd. Documentation includes unquoted command substitution patterns (e.g., $(rg -l ...)) which could be exploited for command injection if operating on maliciously named files.
- [DATA_EXFILTRATION]: Advanced patterns provide instructions for modifying sensitive configuration files, such as environment variables in .env files, which constitutes a credential exposure surface.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the third-party sd tool via well-known package managers like Homebrew and Cargo.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by design. Ingestion points: Reads file contents using cat, rg, and fd (SKILL.md, advanced-patterns.md). Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the processed data. Capability inventory: Ability to write to the filesystem and execute shell commands (SKILL.md). Sanitization: Absent; no validation or escaping is applied to patterns or file contents.
Audit Metadata