Trust Assessment
mgrep-code-search received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned dependency in skill execution, Potential for command injection via user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned dependency in skill execution The skill instructs the agent to execute `@mixedbread/mgrep` via `bunx` without specifying a version. This practice introduces a significant supply chain risk. If a malicious version of `@mixedbread/mgrep` is published to the registry, or if the package maintainer's account is compromised, the agent could automatically download and execute arbitrary malicious code. This could lead to data exfiltration, system compromise, or other severe security incidents. Pin the `@mixedbread/mgrep` dependency to a specific, known-good version (e.g., `bunx @mixedbread/mgrep@1.2.3 watch`). Implement a mechanism to verify package integrity (e.g., checksums) if possible, and regularly review and update dependencies. | Static | SKILL.md:30 | |
| HIGH | Potential for command injection via user input The skill demonstrates executing shell commands (`bunx @mixedbread/mgrep`) where parts of the command, specifically the search query and optional path, are expected to be derived from user input. If the agent does not properly sanitize or escape user-provided strings before constructing and executing these shell commands, a malicious user could inject arbitrary shell commands (e.g., `"; rm -rf /"` or `$(malicious_command)`) into the execution context. This could lead to remote code execution, unauthorized file system access, or data manipulation. The agent implementing this skill must ensure all user-provided input passed to shell commands is properly sanitized and escaped. For example, by using a dedicated library for shell escaping or by strictly validating input against expected patterns. Avoid direct string concatenation for shell commands with untrusted input. Consider using a safer execution method that passes arguments as a list rather than a single string to the shell. | Static | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/c0d7c75ec7025858)
Powered by SkillShield