search1api
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the 's1' tool by executing a shell script directly from a remote URL using 'curl -fsSL https://cli.search1api.com/install.sh | bash'. This pattern allows for the execution of arbitrary code from an unverified source.- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of a global npm package 'search1api-cli' as an alternative installation method.- [COMMAND_EXECUTION]: The skill makes extensive use of the 's1' CLI tool to execute various subcommands like search, crawl, and news, which involve spawning subprocesses.- [DATA_EXFILTRATION]: The skill guides users to handle sensitive API keys through commands like 's1 config set-key ' or by setting environment variables, which can lead to credential exposure if not handled securely.- [INDIRECT_PROMPT_INJECTION]: The skill includes functionality to crawl and summarize arbitrary URLs, creating a surface for indirect prompt injection attacks where malicious instructions hidden on web pages could influence the agent's behavior.
- Ingestion points: Found in 'SKILL.md' via the 's1 crawl' and 's1 search' commands.
- Boundary markers: None present; web content is ingested and processed without delimiters or warnings.
- Capability inventory: The skill utilizes subprocess execution for CLI commands and network access for data retrieval.
- Sanitization: No evidence of sanitization or validation of external content before processing is found in the skill instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.search1api.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata