grepai-init
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (SAFE): The configuration examples utilize environment variables (e.g., ${OPENAI_API_KEY}) for sensitive credentials, which is a security best practice. The Postgres DSN example uses generic local placeholders.
- [Indirect Prompt Injection] (SAFE): While the tool's purpose is to index and search codebases (which are external data sources), this skill only covers the initialization process and does not introduce malicious prompt interpolation patterns.
- [Command Execution] (SAFE): The skill documents the use of the grepai CLI tool. All commands listed are for standard project initialization, status checking, and workspace management.
Audit Metadata