codebase-search
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: The skill reads and searches through files in a codebase using the Read, Grep, and Bash tools, which may contain untrusted data.
  - Boundary markers: Absent. There are no instructions to use delimiters or to disregard instructions embedded within the code comments or strings being searched.
  - Capability inventory: The skill possesses the ability to execute shell commands via Bash and read any file in the accessible environment.
  - Sanitization: Absent. No filtering or escaping of content found within the codebase is performed before the agent processes it.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform search operations (grep, glob) and version control tasks (git blame, git log). While standard for the use case, this provides a powerful capability that could be abused if the agent is influenced by malicious instructions in the searched files.
- [DATA_EXFILTRATION]: The instructions explicitly guide the agent to search for sensitive patterns such as API_KEY, environment variables (process.env, os.environ), and hardcoded constants. This capability facilitates the discovery of secrets within a codebase, which could then be targeted for exfiltration.
Audit Metadata