grepai-troubleshooting
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The diagnostic command `echo $OPENAI_API_KEY` causes the agent to print the literal value of the secret API key into its output buffer, potentially exposing it to logging services or persisting it in the conversation history.
- [Indirect Prompt Injection] (HIGH):
  - Ingestion points: The skill reads potentially untrusted local files including `.grepai/config.yaml`, `~/.claude/mcp.json`, and `.cursor/mcp.json`.
  - Boundary markers: Absent; the skill does not use delimiters to wrap the output of `cat` commands, allowing data to be confused with instructions.
  - Capability inventory: The skill allows for destructive operations (`rm -rf .grepai`), environment variable modification (`export`), and local network interaction (`curl`).
  - Sanitization: Absent; the content of configuration files is processed as raw text without escaping or validation.
- [Data Exposure & Exfiltration] (MEDIUM): The skill accesses `~/.claude/mcp.json` and `.cursor/mcp.json`, which are configuration files for the host's AI tools located in the home directory, potentially exposing sensitive environment details.
Recommendations
- AI detected serious security threats
Audit Metadata