functional-search
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill is installed from the untrusted GitHub repository 'newuni/magi-functional-search' via the 'npx skills' command. This repository is not on the trusted sources list, posing a potential supply chain risk where malicious code could be introduced into the scripts folder.
- [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection from the files it indexes. 1. Ingestion points: The skill recursively reads and processes all .md files in a target directory. 2. Boundary markers: Absent; the search results are presented to the agent without explicit delimiters or instructions to ignore embedded commands. 3. Capability inventory: The skill has the ability to execute Bash and Python commands. 4. Sanitization: No sanitization or filtering of file content is described in the logic.
- [COMMAND_EXECUTION] (LOW): The shell command construction in SKILL.md uses unescaped placeholders like '' and '' for user input. This creates a surface for command injection if the agent interpolates these variables into the bash script without proper shell-safe escaping.
Audit Metadata