grepai-trace-callees
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill consists entirely of markdown documentation and usage examples for a code analysis tool. No malicious code, obfuscation, or credential exfiltration attempts were found.
- [COMMAND_EXECUTION] (SAFE): The skill describes using the 'grepai' command-line utility and standard utilities like 'jq' and 'grep' for processing tool output. This behavior is consistent with the intended primary purpose of the skill for code analysis and discovery.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill involves reading and processing source code which could contain malicious instructions. 1. Ingestion points: Source code files processed by grepai. 2. Boundary markers: None specified in the documentation. 3. Capability inventory: Local shell command execution for code analysis. 4. Sanitization: None specified. This is a known risk surface for code analysis tools but is categorized as safe here as it is the core functionality of the tool.
Audit Metadata