rlm-search
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local scripts (query_cache.py) and command-line utilities (grep, ripgrep) to search the repository.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves and displays file summaries and code chunks from the repository.
  1. Ingestion points: query_cache.py script reads summaries from a local cache file.
  2. Boundary markers: No delimiters are used to separate retrieved content from agent instructions.
  3. Capability inventory: The agent can execute commands like python3, grep, and rg.
  4. Sanitization: No validation or filtering is applied to the retrieved content.
Audit Metadata