codebase-search
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains a directive stating: "DO NOT read script source code. Run scripts directly and use --help for usage." This instruction attempts to bypass agent security auditing protocols by instructing the agent not to inspect code before execution.
- [EXTERNAL_DOWNLOADS]: The script scripts/codebase-search.py downloads the @morphllm/morphmcp package from the NPM registry using bunx during execution.
- [REMOTE_CODE_EXECUTION]: The skill uses bunx @morphllm/morphmcp@latest to execute remote code. This pattern lacks version pinning or integrity checks, allowing the execution of unverified remote code.
- [COMMAND_EXECUTION]: The skill invokes subprocess.run to execute external binaries (mcporter, bunx) with arguments derived from user input (query, repo_path).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  - Ingestion points: The query argument in scripts/codebase-search.py takes natural language input from the user.
  - Boundary markers: No delimiters or "ignore embedded instructions" warnings are present in the script or prompt templates.
  - Capability inventory: The script has the ability to execute subprocesses and download external packages.
  - Sanitization: There is no evidence of input validation, escaping, or filtering of the natural language query before it is passed to the subagent.
Recommendations
- AI detected serious security threats
Audit Metadata