multi-platform-search-searchapi
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a sensitive credential file at
~/.gooseworks/credentials.json. This access is performed in theSKILL.mdsetup section usingpython3to extract theapi_keyandapi_basefor authentication purposes. While this is intended for the skill's primary function, accessing files in the home directory that contain credentials is a high-sensitivity operation. - [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for both configuration and operational tasks. This includes using
python3 -cfor parsing JSON configuration files and multiplecurlcommands to interact with the SearchAPI endpoints via a proxy. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to how it handles user-provided data.
- Ingestion points: User-provided search queries (
q), usernames, and unique identifiers (e.g.,video_id,channel_id) are accepted as parameters inSKILL.md. - Boundary markers: No explicit delimiters or boundary markers are defined to separate user-controlled input from the command logic in the
curlexamples. - Capability inventory: The skill utilizes
curlfor network communication andpython3for local processing, providing a path for potential command injection if parameters are not handled securely. - Sanitization: There is no evidence of sanitization, escaping, or validation of user-provided content before it is interpolated into the shell commands.
Audit Metadata