Skills
skills/neversight/skills.sh_feed/find-replace/Gen Agent Trust Hub

find-replace

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill uses Bash to execute commands like sd 'oldPattern' 'newPattern'. If an agent uses unsanitized user input for these patterns, an attacker can inject shell characters (e.g., ;, `, $()) to execute arbitrary code on the system.
  • [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8). An attacker could place malicious patterns in a codebase that, when processed by this skill, trigger unintended modifications or data leaks.
  • Ingestion points: Search/replace patterns and file contents processed by rg and sd.
  • Boundary markers: Absent. The instructions provide examples but no strict delimiters to isolate untrusted input.
  • Capability inventory: File system write access and arbitrary shell command execution via Bash.
  • Sanitization: Insufficient. While the documentation suggests quoting patterns to prevent shell interpretation, it does not provide logic for escaping characters in an automated agent context.
  • [EXTERNAL_DOWNLOADS] (LOW): Recommends installing sd via brew or cargo. These are standard package managers, and while sd is a trusted open-source tool, the reliance on external installation introduces a minor supply-chain risk.
  • [SAFE] (INFO): The automated scan alert for logger.info is a false positive; the scanner incorrectly identified a JavaScript method call as a malicious TLD/URL.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:50 AM