web-search-andi
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a sensitive credentials file at
~/.gooseworks/credentials.jsonto retrieve API keys for authentication. This is an expected behavior for skills within this ecosystem. - [COMMAND_EXECUTION]: The skill utilizes shell commands via
python3to parse the local configuration file andcurlto perform network requests to theapi.gooseworks.aiproxy. - [PROMPT_INJECTION]: The skill processes untrusted web search results, which creates an attack surface for indirect prompt injection.
- Ingestion points: Search results fetched from the Andi Search API (SKILL.md).
- Boundary markers: Absent. The skill does not provide instructions to distinguish search results from system instructions.
- Capability inventory: File system access, network requests (curl), and shell execution (python3).
- Sanitization: None specified; content from external search results is directly incorporated into the agent's context.
Audit Metadata