google-search-serp
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill employs a dynamic execution pattern where a local Python script (
scripts/serp-extract.py) generates JavaScript code to be executed within the browser. This is a common and legitimate technique for parsing complex, dynamically rendered web pages like Google Search. - [DATA_EXFILTRATION]: The skill maintains an execution log in a designated memory directory (
{working-directory}/browser-act-skill-forge-memories/). This involves reading and writing to the local file system to store historical performance data and strategy adjustments, which is a standard pattern for agent persistence and does not target sensitive user data. - [PROMPT_INJECTION]: The skill is subject to the inherent risks of processing untrusted external data from search results, which is a surface for indirect prompt injection.
- Ingestion points: Organic search results, paid advertisements, and 'People Also Ask' questions extracted from Google.com.
- Boundary markers: There are no specific delimiters or instruction-ignore markers defined in the skill to isolate scraped content from the agent's core instructions.
- Capability inventory: The agent has access to browser automation (
browser-act) and shell command execution (bash). - Sanitization: Data is extracted using DOM properties like
textContentwithout specific sanitization or filtering of potential injection payloads.
Audit Metadata