Skills
skills/alexei-led/claude-code-config/searching-code/Gen Agent Trust Hub

searching-code

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The tool mcp__morphllm__warpgrep_codebase_search accepts a repo_path parameter as an absolute path. This capability allows the agent to access and read content from any directory the host process has permissions for, including sensitive areas like ~/.ssh, /etc, or environment configuration files, without restricted scoping to a specific project directory.\n- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and reason over external content (source code). There are no boundary markers or sanitization processes defined to prevent the agent from obeying malicious instructions embedded in the code it retrieves. An attacker could place comments or strings in a repository that, when searched, take control of the agent's logic.\n
  • Ingestion points: Snippets retrieved via mcp__morphllm__warpgrep_codebase_search from the provided repo_path.\n
  • Boundary markers: Absent in the skill instructions.\n
  • Capability inventory: Access to tools like Read, Grep, and mcp__morphllm__warpgrep_codebase_search allows the agent to explore and export data based on search hits.\n
  • Sanitization: No filtering or sanitization of search results is implemented.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:41 AM