grep-app
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash helper function
grep-appinscripts/grep-app.shthat wrapscurl. It uses--data-urlencodeto safely pass user-provided queries and filters to the API, preventing command injection via the URL. - [EXTERNAL_DOWNLOADS]: The skill performs HTTP GET requests to
https://grep.app/api/searchusingcurl. This is the primary intended purpose of the skill and targets a well-known public code search service. - [SAFE]: The shell scripts include standard practices such as
set -euo pipefailin the test script and proper shell sourcing checks in the helper script. No sensitive file access, credential theft, or persistence mechanisms were detected.
Audit Metadata