workspace-search

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH

Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to interpolate a user-provided search query directly into a shell command using ripgrep (rg) or grep. This allows for arbitrary command execution if the query contains shell metacharacters such as semicolons, pipes, or backticks. Evidence found in SKILL.md: `rg "$query" "$project_path" --heading --line-number`.
  • [DATA_EXFILTRATION]: The skill facilitates searching across all projects in a workspace, which can inadvertently reveal sensitive information like environment variables, private keys, or internal configurations to the AI's context. Evidence: The description and instructions explicitly state the ability to "Search for patterns across all projects in the workspace" and "Get all cloned projects from the workspace configuration."
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by ingesting arbitrary file content into the agent's context without sanitization or boundary markers.
    1. Ingestion points: File contents retrieved from the workspace via rg or grep (SKILL.md).
    2. Boundary markers: Absent; no delimiters or 'ignore' instructions are provided to distinguish search results from system instructions.
    3. Capability inventory: Shell command execution via rg (SKILL.md).
    4. Sanitization: Absent; no filtering or escaping is applied to the retrieved content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 27, 2026, 08:08 PM