godgrep
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection attack surface by processing data from local codebase files that could contain malicious instructions.
  - Ingestion points: Untrusted file contents are read and returned to the agent context via grep and ast-grep searches.
  - Boundary markers: The skill lacks explicit instructions or delimiters to isolate search results from the agent's internal operational logic.
  - Capability inventory: The skill enables the execution of several shell commands, including ast-grep, grep, find, git, and bash.
  - Sanitization: While instructions provided include shell-level escaping of metavariables (e.g., using \$VAR), there is no mechanism to sanitize or filter the content ingested from the codebase.
- [COMMAND_EXECUTION]: The skill relies on the execution of multiple system commands like ast-grep, grep, find, and git for its core functions. It provides instructions and examples for the agent to execute these tools directly.
Audit Metadata