exploring-codebases
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs tree-sitter-language-pack to perform its primary function of context expansion during code searches. While this is an external dependency not provided by a trusted source on the whitelist, its installation is essential for the skill's stated purpose.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests and returns content from untrusted external codebases. Malicious instructions hidden in code comments or documentation could influence the agent's subsequent behavior.
  1. Ingestion point: Local repository files via search.py.
  2. Boundary markers: No explicit markers or instruction-ignoring wrappers identified.
  3. Capability inventory: Uses subprocess to execute ripgrep and reads local files.
  4. Sanitization: No sanitization of code blocks before returning them to the agent is evidenced.
- [COMMAND_EXECUTION] (LOW): The skill executes the ripgrep binary through subprocess calls. While this is required for searching, it presents a potential command injection risk if user-supplied query or path parameters are not strictly sanitized before execution.