web-search-andi

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses a sensitive credentials file at ~/.gooseworks/credentials.json to retrieve API keys for authentication. This is an expected behavior for skills within this ecosystem.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands via python3 to parse the local configuration file and curl to perform network requests to the api.gooseworks.ai proxy.
  • [PROMPT_INJECTION]: The skill processes untrusted web search results, which creates an attack surface for indirect prompt injection.
  • Ingestion points: Search results fetched from the Andi Search API (SKILL.md).
  • Boundary markers: Absent. The skill does not provide instructions to distinguish search results from system instructions.
  • Capability inventory: File system access, network requests (curl), and shell execution (python3).
  • Sanitization: None specified; content from external search results is directly incorporated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — web-search-andi