github-code-search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill instructs the agent to generate and execute its own TypeScript code ('Code Mode') to process search results. This increases the risk of the agent executing logic influenced by untrusted external data.
- [External Downloads] (MEDIUM): Setup requires installing an MCP server via a remote URL (https://mcp.grep.app), which is not a verified or trusted source for executable tools.
- [Indirect Prompt Injection] (LOW): The skill exposes the agent to untrusted content from millions of public repositories.
  - Ingestion points: Code snippets retrieved from https://grep.app/api/search (processed in scripts/search.ts).
  - Boundary markers: Absent; there are no explicit instructions to the agent to disregard instructions contained within the fetched code snippets.
  - Capability inventory: The agent has access to bash, bun, curl, and can execute dynamically generated TypeScript.
  - Sanitization: The provided search script strips HTML tags but lacks mechanisms to detect or neutralize prompt injection within the code matches.
- [Data Exfiltration] (LOW): The skill performs network operations to grep.app, which is not on the standard whitelist of trusted domains for data transfer.
Audit Metadata