search-cluster
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: In search-cluster.py, the skill utilizes subprocess.run to execute a local helper script (stealth_fetch.py). The command execution is handled securely by passing arguments as a list rather than a shell string, and it uses a user-defined path for the Python interpreter.
- [PROMPT_INJECTION]: The skill incorporates a native sanitization routine (internal_sanitize) that identifies and redacts keywords often used in prompt injection attempts within the retrieved search data. This acts as a safeguard against malicious content embedded in external web results.
- [EXTERNAL_DOWNLOADS]: The skill communicates with several external search APIs and RSS feeds. It also requires the installation of the redis and scrapling Python libraries to function. All network operations use standard libraries and HTTPS.
- [PROMPT_INJECTION]: The skill processes untrusted data from various search providers, creating an indirect prompt injection attack surface.
  - Ingestion points: Data retrieved from Wikipedia, Reddit, and DuckDuckGo (found in search-cluster.py).
  - Boundary markers: Absent; the data is returned to the agent context as JSON-formatted strings.
  - Capability inventory: The skill is capable of executing local subprocesses and performing outbound network requests.
  - Sanitization: Present; the internal_sanitize function redacts common injection patterns and strips non-printable characters from the input stream.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
Audit Metadata