serpapi-tool
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external search engine results (SERPs). While this introduces a surface for indirect injection (as search results could theoretically contain malicious instructions), the skill's capabilities are limited to data extraction and analysis for SEO purposes. There are no high-risk capabilities like file system modification or arbitrary command execution that could be exploited by such an injection.
- Ingestion points: Data enters the system via SerpAPI tool outputs (e.g.,
local_results,organic_results,ai_overview) as described inSKILL.md. - Boundary markers: None explicitly defined in the prompts, though the usage is within a structured tool call context.
- Capability inventory: The skill only performs information extraction and reasoning; no subprocess, network, or file-write capabilities are present in the provided script.
- Sanitization: Standard LLM processing of tool outputs is assumed.
- [COMMAND_EXECUTION]: No unauthorized or dangerous command execution patterns were found. The skill uses structured JSON parameters for interacting with an established MCP tool (SerpAPI).
- [EXTERNAL_DOWNLOADS]: The skill refers to well-known SEO services and tools (SerpAPI, Local Falcon, Semrush, Ahrefs, DataForSEO) for legitimate data retrieval and analysis. These are recognized industry services and do not constitute a security risk.
- [DATA_EXFILTRATION]: No sensitive data access or exfiltration patterns were detected. The skill focuses on public search data.
Audit Metadata