ripgrep
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides comprehensive instructions for executing the
ripgrep(rg) command-line tool. While powerful, these are standard utility commands for file searching and management. - [PROMPT_INJECTION] (MEDIUM): The skill identifies a surface for Indirect Prompt Injection (Category 8). By searching through files, the agent ingests untrusted content that could contain instructions designed to override the agent's behavior.
- Ingestion points: The
rgcommand reads content from any file on the accessible filesystem (SKILL.md). - Boundary markers: Absent. The documentation does not provide instructions for the agent to treat search results as untrusted data or use delimiters.
- Capability inventory: The skill allows shell command execution of the
ripgreputility across directories. - Sanitization: Absent. The skill provides no mechanisms for filtering or escaping instructions found within the searched files.
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation and does not include any scripts, binaries, or automated installation steps.
Audit Metadata