image-search

Fail

Audited by Gen Agent Trust Hub on Jun 6, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: A hardcoded Jina AI API key (jina_a054a46449f240a8be11a021c10885b2gFKr_SHHQ_Q9gTitXU4B9CGk4Pt9) is present in the source code of scripts/jina_batch_scrape.py, scripts/jina_scrape.py, and scripts/jina_search.py.
  • [DATA_EXFILTRATION]: The skill performs outbound network requests to s.jina.ai and r.jina.ai using urllib.request. These operations are performed using the hardcoded credentials, which facilitates potential misuse or unauthorized access to the associated account.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from the web.
  • Ingestion points: Untrusted data enters the agent context via jina_scrape.py and jina_batch_scrape.py, which retrieve markdown content from arbitrary external URLs.
  • Capability inventory: The agent is instructed to analyze this content to select images and provide descriptions, which involves interpreting potentially malicious text embedded in the scraped pages.
  • Boundary markers: There are no boundary markers or instructions to treat the scraped content as untrusted data.
  • Sanitization: The scraped markdown is passed directly to the agent without any validation, filtering, or sanitization of embedded instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 6, 2026, 05:03 AM
Security Audit — agent-trust-hub — image-search