gh-grep
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute a shell command via bun. Since the --query parameter takes user input directly, it is vulnerable to command injection if shell metacharacters (such as semicolons or pipes) are not correctly escaped by the agent or the underlying script.
- [COMMAND_EXECUTION] (LOW): The script references hardcoded absolute paths in a specific user's home directory (/home/hazeruno/.config/...). This indicates a non-portable and potentially insecure deployment environment.
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection as the skill processes untrusted code snippets from external GitHub repositories. 1. Ingestion points: Data retrieved from grep.app via the grep.ts script. 2. Boundary markers: None identified in the skill instructions to distinguish between code and data. 3. Capability inventory: Shell command execution via bun and script arguments. 4. Sanitization: No evidence of input sanitization or output filtering for the retrieved code.
Audit Metadata