web-search
Pass
Audited by Gen Agent Trust Hub on Jun 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implementation relies exclusively on the Python standard library (stdlib) for its core logic in scripts/web-search, which eliminates third-party dependency risks and minimizes the attack surface for supply chain vulnerabilities.
- [SAFE]: API keys and sensitive credentials are handled appropriately using environment variables or configuration files in standard user directories (e.g., ~/.config/web-search/). The provided examples use clear placeholders, and the documentation includes explicit warnings against hardcoding secrets.
- [SAFE]: Network communication is directed solely to established search provider APIs using secure HTTPS connections. The functionality for baseUrl overrides is correctly documented as a feature for corporate gateways, mirrors, and local development mocks.
- [PROMPT_INJECTION]: As a tool designed to fetch external data, the skill exposes a surface for indirect prompt injection from search results ingested in scripts/web-search. This risk is mitigated by the skill's use of structured JSON output and distinct boundary markers (e.g., === provider === and --- WEBSEARCH ---) in its human-readable preview, which helps the agent separate search content from operational instructions.
Audit Metadata