source-search
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from a repository's source files. An attacker could embed malicious instructions within code comments or files that are subsequently read or grepped by the agent.
- Ingestion points: Source files searched and read via
greporreadoperations. - Boundary markers: Absent; the skill provides no instructions to ignore embedded directives in the search results.
- Capability inventory: The skill leverages
grepand file-reading capabilities which could be exploited if an injection succeeds. - Sanitization: None; the content from the codebase is processed as-is.
- [DATA_EXFILTRATION]: The skill's primary purpose includes locating sensitive artifacts such as environment variables (
env vars) and specifically mentions searching configuration-related files like.env.sampleandsetTestEnv.sh. This could be used to discover sensitive configuration structures or secrets. - [COMMAND_EXECUTION]: The workflow relies on the execution of shell commands like
grepto perform broad discovery across the codebase.
Audit Metadata