search-code
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection by ingesting untrusted source code from external GitHub repositories.
- Ingestion points: Code snippets, file paths, and repository metadata retrieved through the
search_codefunction. - Boundary markers: Uses standard Markdown code blocks for snippets; however, it lacks explicit system-level instructions to the agent to disregard instructions embedded within the retrieved code.
- Capability inventory: The skill itself is read-only for searching, but it identifies related commands (
/create-issue,/create-pr) which could be leveraged if an agent is successfully manipulated by malicious comments in a searched file. - Sanitization: No content sanitization or instruction filtering is performed on the retrieved snippets before they are presented to the agent context.
Audit Metadata