gh-grep
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes code snippets from untrusted external sources (public GitHub repositories).
- Ingestion points: Data enters the agent context through code search results retrieved from https://mcp.grep.app/ via the searchGitHub tool.
- Boundary markers: Absent. The skill does not wrap the retrieved code in delimiters or provide the agent with instructions to ignore potential commands embedded in the search results.
- Capability inventory: The skill itself returns text/JSON results and does not possess direct file system write or subprocess execution capabilities, though the agent using it may have such tools.
- Sanitization: Absent. The retrieved code content is not filtered or sanitized before being presented to the agent.
Audit Metadata