web-search

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: References installation instructions for the vendor's command-line interface (belt) hosted on their GitHub repository.
  • [COMMAND_EXECUTION]: Uses the belt CLI tool to execute search and extraction applications (tavily/*, exa/*). Access is scoped to the belt command via the allowed-tools frontmatter restriction.
  • [DATA_EXFILTRATION]: Transmits user-provided queries and external URLs to the inference.sh platform to facilitate web search and content retrieval.
  • [PROMPT_INJECTION]: The skill processes content extracted from external websites, creating an indirect prompt injection surface where malicious instructions embedded in remote content could influence the agent's behavior.
      • Ingestion points: Content extraction from URLs via tavily/extract and exa/extract.
      • Boundary markers: None explicitly defined in the provided examples.
      • Capability inventory: Uses the belt CLI for search and extraction; results are often piped into LLMs as shown in the workflow examples.
      • Sanitization: None visible in the skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 05:30 PM
Security Audit — agent-trust-hub — web-search