ck
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is centered on the execution of the
ck(orseek) command-line tool to perform repository indexing, search queries, and status checks. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection, as it retrieves and processes content from untrusted local code repositories which may contain embedded instructions.
- Ingestion points: Search results from local files are ingested into the agent's context via
ckcommands (e.g.,ck --sem,ck --full-section). - Capability inventory: The agent can execute CLI commands, manage the indexing filesystem, and initialize an MCP server (
--serve). - Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are provided in the skill instructions.
- Sanitization: There is no evidence of sanitization or filtering applied to the retrieved code snippets before they are presented to the agent.
Audit Metadata