warp-grep
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script `scripts/warp-grep.py` uses `bunx` to download and execute the `@morphllm/morphmcp` package from the NPM registry if a local server is not already configured. This occurs during the `do_search` function execution.
- [REMOTE_CODE_EXECUTION]: The script executes remote code by calling `subprocess.run` on a command string that includes `bunx @morphllm/morphmcp@latest`. This allows for the execution of arbitrary code fetched from a remote repository at runtime.
- [COMMAND_EXECUTION]: The skill relies on `subprocess.run` to execute system commands, specifically `mcporter` and `bun`. While it uses argument lists to prevent shell injection, it facilitates the execution of complex CLI tools with environment variables containing sensitive information (`MORPH_API_KEY`).
- [INDIRECT_PROMPT_INJECTION]: The skill processes arbitrary codebases, which serve as an untrusted data ingestion point.
  - Ingestion points: Files within the provided `repo_path` are read by the underlying `warpgrep` subagent.
  - Boundary markers: None are present to prevent the agent from obeying instructions embedded in code comments or documentation within the searched repository.
  - Capability inventory: Uses `subprocess.run` to call external MCP tools.
  - Sanitization: The natural language `query` is passed directly to the search tool without sanitization or escaping.
Audit Metadata