windows-safe-grep
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The safe-grep.sh script reads contents from files and outputs them to the agent's context. This is a primary vector for indirect prompt injection, where malicious instructions inside a scanned file could hijack the agent's behavior.
  - Ingestion points: The script reads file contents via the grep command in safe-grep.sh.
  - Boundary markers: None. The output is returned directly, without delimiters or instructions to ignore embedded commands.
  - Capability inventory: Executes filesystem searches (find) and file reads (grep).
  - Sanitization: No sanitization of the file content is performed before returning it to the agent.
- [Command Execution] (MEDIUM): The script is vulnerable to argument injection in both the find and grep calls.
  - Evidence: In safe-grep.sh, the variables $WIN_PATH and $SEARCH_PATTERN are passed to commands without using the -- delimiter.
  - Impact: If an attacker can control the path or search pattern (e.g., via a malicious project configuration), they could inject flags like -delete into the find command, or other functional flags into grep, to manipulate execution behavior.
Recommendations
- AI detected serious security threats