searching-sourcegraph
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or direct security threats were detected. The skill consists entirely of instructional Markdown documentation for code search workflows.
- [NO_CODE]: The skill does not include any scripts or executable code, which eliminates the risk of direct command execution or local file system abuse.
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from external codebases, which creates an attack surface for indirect prompt injection via malicious code comments.
- Ingestion points: Data retrieved through Sourcegraph search tools like `sg_read_file` and `sg_keyword_search` across all provided workflow files.
- Boundary markers: Absent; the instructions do not implement delimiters or warnings to ignore instructions found within the code being analyzed.
- Capability inventory: The agent can search and read any file content indexed by the Sourcegraph instance.
- Sanitization: Absent; the agent is encouraged to analyze and explain retrieved code content without prior filtering for instructions.
Audit Metadata