file-search
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it processes untrusted file content from the codebase.
  1. Ingestion points: Reads codebase files using the Read, Grep, and Bash tools (SKILL.md).
  2. Boundary markers: No delimiters or instructions are provided to the agent to disregard instructions embedded in the searched data.
  3. Capability inventory: Access to Bash, Read, Grep, and Glob tools (SKILL.md) provides a powerful execution environment if the agent follows data-embedded instructions.
  4. Sanitization: No validation or escaping of the retrieved file content is performed.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for searching tasks. While this is consistent with the skill's stated purpose, the shell environment provides a broad capability that could be misused if the agent is influenced by malicious instructions encountered during file exploration.
Audit Metadata