byted-bp-searchinfinity-web-search

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions provide strict behavioral guidelines, persona requirements for internet awareness, and mandatory response templates that the agent is instructed to use verbatim.\n- [COMMAND_EXECUTION]: The agent is directed to execute the web_search.py script via shell to perform searches and to verify user-supplied API keys when they are provided in the chat.\n- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference the requests library as a required dependency to be installed via standard package managers.\n- [DATA_EXFILTRATION]: The skill transmits search queries and authentication tokens to BytePlus official API endpoints (torchlight.byteintlapi.com). This is a documented vendor service and does not represent an exfiltration risk.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting and processing untrusted web search results.\n
  • Ingestion points: Web search results (titles, snippets, and summaries) retrieved by scripts/web_search.py and returned to the agent context.\n
  • Boundary markers: None; the instructions do not specify the use of delimiters or 'ignore' instructions for the search data.\n
  • Capability inventory: Subprocess execution of the local web_search.py script.\n
  • Sanitization: No validation or filtering is performed on the content retrieved from external websites before it is synthesized into answers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 01:45 PM
Security Audit — agent-trust-hub — byted-bp-searchinfinity-web-search