codeindex
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends an installation method that pipes a remote shell script directly into bash. This pattern allows for arbitrary code execution on the user's system without prior verification of the script's content.
  - Evidence: `curl -fsSL https://raw.githubusercontent.com/QuinsZouls/code-index/master/install.sh | bash` in `references/management.md`.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install external software from GitHub repositories and releases if the tool is missing.
  - Evidence: Mentions of `go install github.com/QuinsZouls/code-index/src@latest` and manual downloads of binary assets from GitHub Releases in `references/management.md`.
- [COMMAND_EXECUTION]: The skill is designed to have the agent autonomously execute shell commands to manage a local database index, including initialization, indexing, and search operations.
  - Evidence: Instructions in `SKILL.md` to run `codeindex init`, `codeindex index`, and `codeindex search` automatically without user intervention.
- [PROMPT_INJECTION]: The skill indexes and searches local codebase content, which introduces a surface for indirect prompt injection if source files contain malicious instructions.
  - Ingestion points: `codeindex index` reads all files matching the project's inclusion patterns (e.g., `.py`, `.js`, `.go`, `.md`).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded prompts are provided when search results are returned to the agent.
  - Capability inventory: The agent has the capability to execute shell commands and read files, which could be abused if the agent follows instructions hidden within indexed code.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the codebase index.
Recommendations
- AI detected serious security threats
Audit Metadata