web-search
Warn
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating user-provided query and URL strings directly into Python execution calls (e.g.,
python3 <OMNI_SEARCH_DIR>/scripts/omni_search.py search "<query>"). This pattern creates a command injection risk where malicious inputs containing shell metacharacters could execute arbitrary commands on the host system. - [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to suggest downloading and installing a companion tool from the author's GitHub repository (
github.com/d-wwei/omni-search-skill.git) and installing its dependencies usingpip. While the repository is owned by the skill author, it introduces external code that is not part of the skill itself. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the public web via search results and page fetching.
- Ingestion points: Data enters the agent context through the
fetch,resolve, andcrawlcommands inSKILL.md. - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the fetched content.
- Capability inventory: The agent has the ability to execute shell commands via the
python3script calls defined inSKILL.md. - Sanitization: There is no evidence of sanitization or filtering of the fetched Markdown content before it is processed by the agent.
Audit Metadata