web-search

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
Categories: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation script install.sh downloads and executes a shell script from https://astral.sh/uv/install.sh. While this involves executing remote code, the source is a well-known service provider.
  • [DATA_EXFILTRATION]: The skill transmits search queries and sensitive authentication tokens (e.g., WEB_SEARCH_BEARER) to https://amd1.mooo.com/api/duck/search. This endpoint uses a dynamic DNS service, which is not a standard or verifiable platform for handling sensitive authentication data.
  • [EXTERNAL_DOWNLOADS]: During installation, the skill fetches a package or requirements file from https://skale.dev/credgoo, which is a domain associated with the skill's author.
  • [COMMAND_EXECUTION]: The skill provides a shell script (search) that resolves its path and executes Python logic using the uv tool. Additionally, the Python script uses dynamic module loading via import to load the standard base64 library for credential encoding.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes search results from external websites.
      • Ingestion points: Fetches snippet and title data from external web search backends in scripts/search.py.
      • Boundary markers: None identified. Results are returned as simple markdown lists without delimiters.
      • Capability inventory: The script performs network requests and reads local configuration files such as ~/.config/api_keys/searx.json.
      • Sanitization: No validation or sanitization is performed on the data retrieved from search engines before it is presented to the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 9, 2026, 11:56 PM