morph-warpgrep
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires downloading the
@morphllm/morphsdkand@morphllm/morphmcppackages via NPM/npx. It also involves installing theripgreputility through system package managers (breworapt) and cloning a test repository from the author's GitHub (github.com/letta-ai/letta-code). These resources are documented as prerequisites for the tool's operation. - [COMMAND_EXECUTION]: The instructions include shell commands for installing dependencies and running a local test script (
scripts/test-warpgrep.ts) using thebunruntime to verify search results on a specified repository path. - [DATA_EXFILTRATION]: To provide agentic code search, the WarpGrep tool transmits search queries and local code fragments to the Morph API (
api.morphllm.com) for refinement. This behavior is the intended core functionality of the cloud-assisted search service. - [PROMPT_INJECTION]: The skill processes untrusted data from local repositories, which constitutes a surface for indirect prompt injection.
- Ingestion points: Local codebase files read during the WarpGrep search process in
scripts/test-warpgrep.tsand mentioned inSKILL.md. - Boundary markers: The skill does not explicitly mention delimiters or instructions to ignore embedded prompts within the files being searched.
- Capability inventory: The skill performs file reading and directory listing using local tools like
ripgrepand the Morph SDK. - Sanitization: The provided documentation and test script do not contain explicit sanitization or filtering of the content read from files.
Audit Metadata