morph-search

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data by searching through codebases. Malicious instructions embedded in the code being searched could influence the agent's behavior.
      ◦ Ingestion points: The scripts/mcp/morph_search.py script reads file content during the search operations specified in the examples.
      ◦ Boundary markers: No boundary markers or delimiters are defined in SKILL.md to isolate search results from instructions.
      ◦ Capability inventory: The skill is granted the 'Bash' and 'Read' tools and includes a file modification parameter (--edit).
      ◦ Sanitization: Sanitization logic is not visible because the underlying Python script is not provided.
  • [Command Execution] (MEDIUM): The skill uses 'uv run' to execute local scripts and requires 'Bash' tool access. There is a risk of command injection if parameters like --search, --path, or --content are passed unsafely to shell-based utilities like WarpGrep.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 11:53 PM