Skills
skills/k1lgor/mega-mind-skills/search-first/Gen Agent Trust Hub

search-first

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill workflow involves querying external package registries (NPM, PyPI) and web sources for library information.\n- [PROMPT_INJECTION]: The skill facilitates an attack surface for indirect prompt injection.\n
  • Ingestion points: The agent is instructed to read search results, README files, and web content (described in Step 2 and Step 3 in SKILL.md).\n
  • Boundary markers: No explicit boundary markers or warnings to ignore embedded instructions in external content are provided.\n
  • Capability inventory: The skill workflow assumes capabilities to execute shell commands (e.g., npm search, npm audit) and install packages via subprocess calls.\n
  • Sanitization: No sanitization or validation of the fetched external content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 04:24 PM
Security Audit — agent-trust-hub — search-first