searching-sourcegraph
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external repositories.
  - Ingestion points: read_file, deepsearch_read, and search results from keyword_search and nls_search (found in SKILL.md and various workflow files).
  - Boundary markers: Absent; there are no instructions to the agent to isolate or treat external codebase content as untrusted data.
  - Capability inventory: The skill enables deep exploration and reading of code, which could lead an agent to follow malicious instructions embedded in a repository.
  - Sanitization: None; raw code content is ingested into the agent context.
- [DATA_EXFILTRATION]: The skill includes search patterns for identifying sensitive configuration files. In query-patterns.md, it suggests a specific query for environment variables: file:\.env\. [A-Z_]+=. While intended for architectural discovery, this facilitates the location of credentials or secrets that may be improperly stored in a codebase.
Audit Metadata