semantic-search
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing
odino, a third-party CLI tool, viapipx. This package does not originate from a trusted or well-known organization as defined in the security policy. - [COMMAND_EXECUTION]: Bash command templates provided in
SKILL.mdand the reference guides (e.g.,odino query -q "$QUERY") directly interpolate variables derived from user input into shell commands. This pattern is susceptible to command injection if a malicious user provides a query containing shell metacharacters. - [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting untrusted data from the user's codebase during search operations.
- Ingestion points:
odino queryoutput tables and subsequentreadorcatoperations on files discovered via semantic search. - Boundary markers: Absent. The skill does not implement delimiters or instructions to ignore potential commands embedded within the code or documentation it searches.
- Capability inventory: The skill utilizes
Bash(allowing arbitrary command execution) andReadtools. - Sanitization: Absent. No logic is provided to escape or validate the contents of the files before they are presented to or processed by the agent.
- [DATA_EXFILTRATION]: The skill's design explicitly encourages searching for sensitive information, with search patterns specifically targeting "API key validation" and "password hashing and verification." This increases the risk of sensitive credentials being exposed in the agent's context or conversation history.
Audit Metadata