file-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) due to its core functionality of processing untrusted file data and passing it to execution tools.
      • Ingestion points: The skill uses fd and rg in SKILL.md to ingest file names and content from the local filesystem.
      • Boundary markers: No boundary markers or 'ignore' instructions are provided to protect the agent from instructions embedded within searched files.
      • Capability inventory: The skill uses the Bash tool to execute secondary commands via xargs and the -x flag in fd. It specifically suggests piping output to editors like vim or code (SKILL.md).
      • Sanitization: There is a total lack of sanitization for filenames. Filenames containing shell metacharacters or tool-specific flags (e.g., filenames starting with '-' or containing vim commands like '-c') could lead to arbitrary command execution when processed by the suggested commands.
  • COMMAND_EXECUTION (LOW): The skill facilitates broad shell access through fd, rg, and fzf. While this is the intended purpose, it provides a high-privilege environment that amplifies the impact of any successful prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:39 AM