Skills
skills/codingrookie98/everything-search/everything-search/Gen Agent Trust Hub

everything-search

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). An attacker could embed malicious search queries in data processed by the agent (e.g., a document or email) to trick it into searching for sensitive system information.
  • Ingestion points: User-supplied search queries passed as command-line arguments to scripts/search.js.
  • Boundary markers: None. The script does not use delimiters or instructions to prevent the execution of embedded search commands within the user input.
  • Capability inventory: The skill uses spawnSync to call es.exe, providing full read-only visibility into the filesystem, including filenames, paths, and file content (via the content: query).
  • Sanitization: No sanitization or validation is performed on the query arguments before they are passed to the external binary.
  • [COMMAND_EXECUTION] (LOW): The script scripts/search.js executes an external binary (es.exe). It correctly uses shell: false in spawnSync, which prevents standard shell injection attacks (like command chaining with ; or &). However, the execution of external binaries is a high-privilege operation that is core to this skill's functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:38 PM