web-search-jina

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions involve reading sensitive API keys from a local file located at ~/.gooseworks/credentials.json. Accessing credential stores in the user's home directory is a high-risk data exposure pattern for AI agents.
  • [COMMAND_EXECUTION]: The skill executes shell commands using curl and python3 to manage environment variables, parse JSON configuration, and interact with remote APIs.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.gooseworks.ai (Gooseworks API) to proxy web search queries and retrieve endpoint information.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted web search results from the Jina API.
  • Ingestion points: Web search results retrieved via the jina-s API.
  • Boundary markers: None; the instructions do not specify delimiters or guardrails to prevent the agent from following instructions embedded in the search results.
  • Capability inventory: The agent has the ability to execute shell commands (curl, python3) and read files from the file system.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — web-search-jina