ripgrep
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the ripgrep binary through wrappers in
scripts/search.mjsandscripts/quick-search.mjs. It uses Node.jschild_process.spawnwithshell: false, which is a security best practice that prevents shell-based command injection from malicious search patterns or arguments. - [EXTERNAL_DOWNLOADS]: The skill utilizes the
@vscode/ripgrepnpm package, which is a well-known service provided by a trusted organization (Microsoft/VS Code team). This package handles the automatic downloading and management of platform-specific binaries during the installation phase. - [DATA_EXFILTRATION]: While the tool supports searching hidden files (e.g.,
.env,.git/config) via the--hiddenflag, this is an expected feature for a code discovery tool. No logic was found that would facilitate unauthorized data exfiltration or external network communication. - [PROMPT_INJECTION]: Indirect prompt injection analysis:
- Ingestion points: Search results retrieved from file contents and displayed to the agent via
search.mjs. - Boundary markers: ripgrep's standard output provides structural delimiters (file path, line number, and content separators).
- Capability inventory: The skill is capable of executing the
rgbinary and performing file operations as permitted by the agent framework. - Sanitization: The use of
shell: falseprotects the execution environment, and the documentation includes mandatory "Iron Laws" instructing agents to validate exact symbol locations before performing edits. - [SAFE]: No signs of obfuscation, hardcoded credentials, persistence mechanisms, or privilege escalation attempts were detected. The skill follows established security protocols for wrapping system CLI tools.
Audit Metadata