
grepai-mcp-claude

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill provides commands to configure an MCP server within Claude Code (e.g., claude mcp add grepai -- grepai mcp-serve). These commands are standard for the tool's intended purpose of local integration.
  • [Indirect Prompt Injection] (LOW): The skill enables the agent to perform semantic searches across a codebase via GrepAI. This creates an attack surface where malicious content within the searched files could influence the agent's behavior.
    ◦ Ingestion points: Local files indexed and searched by the grepai_search tool.
    ◦ Boundary markers: None explicitly defined in the skill documentation; the skill relies on the underlying LLM/agent host's delimiters.
    ◦ Capability inventory: The agent (Claude Code) has terminal execution and file manipulation capabilities, which could be targeted by instructions found in code comments.
    ◦ Sanitization: No explicit sanitization of searched content is mentioned in the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:00 PM