ripgrep
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (`scripts/probe_ripgrep.py`, `scripts/validate.py`, `scripts/test_skill.py`) that utilize `subprocess.run` to execute local commands. These operations are limited to running `rg` for behavior verification and `sh` for syntax checking. These scripts use safe argument list passing (preventing shell injection) and target a temporary local corpus or the skill's own files.
- [EXTERNAL_DOWNLOADS]: The skill references official source code and documentation for ripgrep (github.com/BurntSushi/ripgrep). These references are informational and do not involve automated execution of untrusted remote code.
- [PROMPT_INJECTION]: The instructions do not contain any patterns attempting to bypass agent safety filters or override system behavior. The guidelines correctly instruct the agent on how to handle user-provided strings using literal search flags and proper shell quoting.
- [SAFE]: The skill adheres to security best practices by recommending literal matching (`-F`) to avoid unintended regex behavior and emphasizing the use of single quotes for patterns to prevent shell expansion issues.