code-search
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the 'bunx' utility which, by default, downloads the 'codebasesearch' package from the npm registry if it is not already present in the environment.- [REMOTE_CODE_EXECUTION]: The use of 'bunx' results in the execution of remotely-sourced code from a public package registry at runtime.- [COMMAND_EXECUTION]: The skill explicitly allows the execution of bash commands through the 'Bash(bunx codebasesearch*)' tool configuration.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from the codebase, which is considered untrusted external data.
- Ingestion points: Files within the codebase searched by the 'codebasesearch' utility.
- Boundary markers: No delimiters or instructions are provided to the agent to distinguish between codebase content and system instructions.
- Capability inventory: The skill is permitted to execute bash commands.
- Sanitization: There is no logic to sanitize or filter potential instructions embedded within the codebase files before they are read by the agent.
Audit Metadata