semantic-search
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (SAFE)
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill contains commands to interact with local services via `curl http://localhost:8081/v1/schema`. While it performs network operations, they are restricted to the local loopback address, posing no risk of data exfiltration to external actors.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill facilitates the ingestion of external data (source code from a codebase) into the agent's context via the `search:semantic` command.
- Ingestion points: Results from `codecompass search:semantic` which retrieve code snippets from the local filesystem.
- Boundary markers: None explicitly defined in the execution guide for the agent's output.
- Capability inventory: Limited to searching and displaying code context; no destructive file-write or remote execution capabilities are present in this skill.
- Sanitization: None described for the retrieved code content.
- Risk Assessment: The severity is LOW as the content is used for discovery and reasoning rather than driving high-privilege side effects.