code-examples
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill makes network requests to grep.app/api/search. While not a listed trusted source, it is a legitimate search service.
- COMMAND_EXECUTION (LOW): Uses curl and jq for API interaction, which is typical for this type of skill.
- INDIRECT PROMPT INJECTION (LOW): The skill processes untrusted code snippets from public GitHub repositories. Ingestion points: API results from grep.app (SKILL.md). Boundary markers: Absent. Capability inventory: curl, jq. Sanitization: Absent. An attacker could place malicious instructions in code comments within a repository to influence the agent's behavior when these snippets are retrieved.
Audit Metadata