olares-search
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes snippets of content from user-indexed files without explicit boundary markers or sanitization. If a file contains malicious instructions, the agent may follow them when reviewing search results.\n
- Ingestion points: olares-cli search output snippets (SKILL.md).\n
- Boundary markers: Absent; the instructions do not define delimiters or protective instructions for untrusted file content.\n
- Capability inventory: The skill belongs to a suite that includes olares-files (read/write/download) and olares-settings, which provide significant interaction surfaces that could be targeted by injected instructions.\n
- Sanitization: Absent; content hits are passed verbatim to the agent as part of the search results.\n- [COMMAND_EXECUTION]: The skill documents the execution of the olares-cli binary to perform search operations.\n
- Evidence: Functional description of olares-cli search used to query the search3 index. This tool is a vendor resource provided by beclab.
Audit Metadata