web-search
Fail
Audited by Snyk on Jun 20, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). This is a GitHub repository from an individual/unknown account — while GitHub is a common source, cloning and running its code or pip-installing requirements without auditing introduces supply-chain and arbitrary code execution risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The skill’s runtime workflow includes fetching/crawling public web pages (e.g., omni_search.py fetch "<url>", resolve auto-fetch, and crawl "<url>"), so outsider-authored free text from arbitrary URLs is ingested into the agent’s LLM context as extracted Markdown.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill directs installing and running code from the external GitHub repository (git clone https://github.com/d-wwei/omni-search-skill.git) so that remote code is fetched and executed at runtime (omni_search.py), which is a required dependency.
Issues (3)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata