code-search
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation describes a legitimate process for performing GitHub searches. It utilizes internal platform functions to build queries, execute searches, and parse findings.
- [PROMPT_INJECTION]: The skill processes external data retrieved from GitHub, which represents a potential surface for indirect prompt injection. This is a common characteristic of search-based tools and no malicious logic was detected.
- Ingestion points: Data from GitHub search results processed via
parse_github_resultandbuild_github_api_search(SKILL.md). - Boundary markers: No specific delimiters or boundary instructions are defined in the workflow steps.
- Capability inventory: The skill does not include any scripts that perform subprocess calls, file writes, or network requests outside of the search tools themselves.
- Sanitization: The instructions do not specify any validation or sanitization steps for the external data before it is ranked and returned.
Audit Metadata