multi-platform-search-searchapi

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses a sensitive credential file at ~/.gooseworks/credentials.json. This access is performed in the SKILL.md setup section using python3 to extract the api_key and api_base for authentication purposes. While this is intended for the skill's primary function, accessing files in the home directory that contain credentials is a high-sensitivity operation.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for both configuration and operational tasks. This includes using python3 -c for parsing JSON configuration files and multiple curl commands to interact with the SearchAPI endpoints via a proxy.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to how it handles user-provided data.
  • Ingestion points: User-provided search queries (q), usernames, and unique identifiers (e.g., video_id, channel_id) are accepted as parameters in SKILL.md.
  • Boundary markers: No explicit delimiters or boundary markers are defined to separate user-controlled input from the command logic in the curl examples.
  • Capability inventory: The skill utilizes curl for network communication and python3 for local processing, providing a path for potential command injection if parameters are not handled securely.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of user-provided content before it is interpolated into the shell commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — multi-platform-search-searchapi