image-search
Fail
Audited by Gen Agent Trust Hub on Jun 6, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: A hardcoded Jina AI API key (
jina_a054a46449f240a8be11a021c10885b2gFKr_SHHQ_Q9gTitXU4B9CGk4Pt9) is present in the source code ofscripts/jina_batch_scrape.py,scripts/jina_scrape.py, andscripts/jina_search.py. - [DATA_EXFILTRATION]: The skill performs outbound network requests to
s.jina.aiandr.jina.aiusingurllib.request. These operations are performed using the hardcoded credentials, which facilitates potential misuse or unauthorized access to the associated account. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from the web.
- Ingestion points: Untrusted data enters the agent context via
jina_scrape.pyandjina_batch_scrape.py, which retrieve markdown content from arbitrary external URLs. - Capability inventory: The agent is instructed to analyze this content to select images and provide descriptions, which involves interpreting potentially malicious text embedded in the scraped pages.
- Boundary markers: There are no boundary markers or instructions to treat the scraped content as untrusted data.
- Sanitization: The scraped markdown is passed directly to the agent without any validation, filtering, or sanitization of embedded instructions.
Recommendations
- AI detected serious security threats
Audit Metadata