Trust Assessment
mgrep-code-search received a trust score of 40/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned Third-Party Dependency, Potential Command Injection via User Input, Potential Data Exfiltration via External AI Synthesis.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpinned Third-Party Dependency The skill uses `bunx @mixedbread/mgrep` without specifying a version. This means it will always fetch and execute the 'latest' version of the `@mixedbread/mgrep` package from npm. If a malicious update is pushed to this package, the agent would automatically execute potentially harmful code, leading to arbitrary code execution, data exfiltration, or other severe compromises. This is a critical supply chain vulnerability. Pin the dependency to a specific, trusted version (e.g., `bunx @mixedbread/mgrep@1.2.3`). Regularly review and update the pinned version after verifying its integrity and security. | Static | SKILL.md:34 | |
| HIGH | Potential Command Injection via User Input The skill describes using `bunx @mixedbread/mgrep` with user-provided natural language queries and optional paths. If the agent constructs the shell command by directly interpolating user input (e.g., `"your natural language query"` or `[path]`) without proper shell escaping, a malicious user could inject arbitrary shell commands. For example, a query like `'; rm -rf /'` could lead to severe system compromise if not sanitized. The agent implementation must strictly sanitize and shell-escape all user-provided input before constructing and executing any shell commands. Consider using a safe command execution library or function that handles escaping automatically. | Static | SKILL.md:40 | |
| HIGH | Potential Data Exfiltration via External AI Synthesis The skill's `mgrep` tool offers an `--answer` option (`-a`) to 'Generate AI-powered synthesis of results'. Given that 'mixedbread' is a company offering AI services, it is highly probable that enabling this option sends the search results (which can include sensitive code snippets from the local codebase) to an external, third-party AI service for processing. This constitutes a significant data exfiltration risk, as proprietary or sensitive code could be transmitted outside the local environment without explicit user consent or awareness. Clarify whether the AI synthesis occurs locally or remotely. If remote, explicitly inform the user about data transmission to a third-party service and require explicit consent before enabling this feature. Provide an option to disable remote synthesis or use a local-only alternative if available. Ensure that no sensitive data is included in the synthesis request. | Static | SKILL.md:56 |
Scan History
Embed Code
[](https://skillshield.io/report/877ab0232ae336ad)
Powered by SkillShield