google-search-serp

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs a dynamic execution pattern where a local Python script (scripts/serp-extract.py) generates JavaScript code to be executed within the browser. This is a common and legitimate technique for parsing complex, dynamically rendered web pages like Google Search.
  • [DATA_EXFILTRATION]: The skill maintains an execution log in a designated memory directory ({working-directory}/browser-act-skill-forge-memories/). This involves reading and writing to the local file system to store historical performance data and strategy adjustments, which is a standard pattern for agent persistence and does not target sensitive user data.
  • [PROMPT_INJECTION]: The skill is subject to the inherent risks of processing untrusted external data from search results, which is a surface for indirect prompt injection.
      • Ingestion points: Organic search results, paid advertisements, and 'People Also Ask' questions extracted from Google.com.
      • Boundary markers: There are no specific delimiters or instruction-ignore markers defined in the skill to isolate scraped content from the agent's core instructions.
      • Capability inventory: The agent has access to browser automation (browser-act) and shell command execution (bash).
      • Sanitization: Data is extracted using DOM properties like textContent without specific sanitization or filtering of potential injection payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 04:39 AM