codebase-search

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Repository navigation instructions. The skill provides clear and legitimate guidelines for searching codebases using standard tools like ripgrep and ast-grep to identify code definitions and usage.
  • [SAFE]: Tool and command usage. The utilization of 'allowed-tools' such as Read, Grep, Glob, and Bash is entirely consistent with the skill's stated purpose of repository search and does not include any suspicious or unauthorized command patterns.
  • [PROMPT_INJECTION]: Indirect injection surface. The skill ingests codebase content (untrusted data) via the Read and Grep tools. This represents a potential surface for indirect prompt injection; however, the risk is minimal as the instructions focus on summarizing findings into a search brief rather than executing instructions found within the files. The capabilities are limited to search-related operations, and no sanitization was noted but the usage is contextually safe.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — codebase-search