byted-bp-searchinfinity-web-search
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions provide strict behavioral guidelines, persona requirements for internet awareness, and mandatory response templates that the agent is instructed to use verbatim.\n- [COMMAND_EXECUTION]: The agent is directed to execute the
web_search.pyscript via shell to perform searches and to verify user-supplied API keys when they are provided in the chat.\n- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference therequestslibrary as a required dependency to be installed via standard package managers.\n- [DATA_EXFILTRATION]: The skill transmits search queries and authentication tokens to BytePlus official API endpoints (torchlight.byteintlapi.com). This is a documented vendor service and does not represent an exfiltration risk.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting and processing untrusted web search results.\n - Ingestion points: Web search results (titles, snippets, and summaries) retrieved by
scripts/web_search.pyand returned to the agent context.\n - Boundary markers: None; the instructions do not specify the use of delimiters or 'ignore' instructions for the search data.\n
- Capability inventory: Subprocess execution of the local
web_search.pyscript.\n - Sanitization: No validation or filtering is performed on the content retrieved from external websites before it is synthesized into answers.
Audit Metadata