web-search-jina
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions involve reading sensitive API keys from a local file located at
~/.gooseworks/credentials.json. Accessing credential stores in the user's home directory is a high-risk data exposure pattern for AI agents. - [COMMAND_EXECUTION]: The skill executes shell commands using
curlandpython3to manage environment variables, parse JSON configuration, and interact with remote APIs. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
api.gooseworks.ai(Gooseworks API) to proxy web search queries and retrieve endpoint information. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted web search results from the Jina API.
- Ingestion points: Web search results retrieved via the
jina-sAPI. - Boundary markers: None; the instructions do not specify delimiters or guardrails to prevent the agent from following instructions embedded in the search results.
- Capability inventory: The agent has the ability to execute shell commands (
curl,python3) and read files from the file system. - Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata