mgrep-code-search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions direct the agent to use 'bunx @mixedbread/mgrep', which downloads and executes a package from the npm registry at runtime. The '@mixedbread' organization is not included in the 'Trusted GitHub Organizations' or repositories list.
- REMOTE_CODE_EXECUTION (MEDIUM): The use of 'bunx' (similar to npx) constitutes remote code execution, since it fetches and runs an executable package at invocation time. If the package or the registry account publishing it were compromised, the result would be arbitrary command execution on the host system.
- DATA_EXFILTRATION (LOW): As a 'semantic search' tool, mgrep likely relies on generating embeddings or on LLMs for synthesis (especially with the '-a' or '--answer' flag). This may involve sending segments of the local codebase to external servers operated by Mixedbread or by third-party AI providers.
- INDIRECT_PROMPT_INJECTION (LOW): This skill is vulnerable to indirect prompt injection. (1) Ingestion points: The skill reads through all non-gitignored files in a repository. (2) Boundary markers: None are specified to protect the agent from instructions embedded in the code. (3) Capability inventory: The agent has command execution capabilities via bunx and file system access. (4) Sanitization: No sanitization of the search results is performed before they are presented to the agent or used for AI-powered synthesis.