osgrep
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill interacts with the system via a command-line tool named `osgrep`.
  - The `allowed-tools` configuration uses a restrictive pattern `Bash(osgrep:*)`, which follows the principle of least privilege by preventing the agent from executing arbitrary bash commands outside the scope of the search tool.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill's primary purpose is to ingest and display content from external source code files, creating a surface for indirect instructions to influence agent behavior.
  - Ingestion points: Code snippets and file contents retrieved from the local filesystem during search operations in files like `SKILL.md` (runtime search results).
  - Boundary markers: The tool uses specific tags like `[Definition]` and truncation markers `...`, but lacks explicit delimiters or instructions to the agent to disregard natural language commands found within the searched code.
  - Capability inventory: The agent has the ability to run restricted `Bash` commands and `Read` files.
  - Sanitization: There is no evidence of sanitization or filtering of the code content before it is presented to the LLM context.
Audit Metadata