github-code-search

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including curl, jq, and bun to perform searches and filter results locally as described in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill connects to the grep.app API to fetch search results from public GitHub repositories. This is a recognized service for code search.
  • [REMOTE_CODE_EXECUTION]: The setup instructions direct the user to add a remote Model Context Protocol (MCP) server from https://mcp.grep.app to provide integrated search capabilities.
  • [PROMPT_INJECTION]: The skill processes untrusted data in the form of code snippets retrieved from external repositories, which presents an indirect prompt injection surface (Category 8).
    • Ingestion points: Search results from the grep.app API fetched via curl or fetch() in SKILL.md.
    • Boundary markers: None explicitly defined in the provided implementation examples.
    • Capability inventory: Shell execution (curl, jq) and TypeScript execution (bun, tsx) are used to process the ingested data.
    • Sanitization: Results are filtered using jq or TypeScript logic, providing basic structural processing but no specific sanitization of embedded instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 03:12 PM