semantic-search
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from local files.
- Ingestion points: File content is read via
fs.promises.readFileinindex.jsto perform tokenization and matching. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the returned search results.
- Capability inventory: The skill is limited to read-only filesystem access and console logging; it does not implement
exec,eval, network requests, or file write operations. - Sanitization: Content is tokenized for scoring but is not sanitized or escaped before being returned to the agent context.
- [EXTERNAL_DOWNLOADS]: The skill's documentation suggests installing the 'natural' and 'compromise' Node.js packages. These are well-known, legitimate libraries for natural language processing and do not represent a security risk in this context.
Audit Metadata