Skills
skills/neversight/skills.sh_feed/structural-search/Gen Agent Trust Hub

structural-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to search and potentially refactor code within a user's codebase, which constitutes untrusted input.
  • Ingestion points: The sg (ast-grep) tool reads all files within the target directory.
  • Boundary markers: There are no markers or instructions to the agent to ignore instructions embedded within the code being searched.
  • Capability inventory: The skill uses the Bash tool to execute commands, including sg --rewrite, which provides the agent with file-system modification privileges.
  • Sanitization: No sanitization or validation of the files being searched is performed before they are processed by the agent.
  • Command Execution (MEDIUM): The skill provides the agent with direct access to the Bash shell to run sg. While limited to the patterns shown, an agent could be manipulated into running arbitrary shell commands if the structural patterns are constructed maliciously.
  • Automated Scanner False Positive (INFO): The scanner flagged logger.info as a malicious URL. Technical review confirms this is a code snippet in a refactoring example (sg -p 'console.log($_)' -r 'logger.info($_)') and not a network resource.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:47 AM