godgrep

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection attack surface because it processes data from local codebase files that could contain malicious instructions.
    • Ingestion points: Untrusted file contents are read and returned to the agent context via grep and ast-grep searches.
    • Boundary markers: The skill lacks explicit instructions or delimiters to isolate search results from the agent's internal operational logic.
    • Capability inventory: The skill enables the execution of several shell commands, including ast-grep, grep, find, git, and bash.
    • Sanitization: While the provided instructions include shell-level escaping of metavariables (e.g., using \$VAR), there is no mechanism to sanitize or filter the content ingested from the codebase.
  • [COMMAND_EXECUTION]: The skill relies on executing multiple system commands, such as ast-grep, grep, find, and git, for its core functions. It provides instructions and examples for the agent to execute these tools directly.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 08:20 AM