vhs-search

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data ingestion. \n- Ingestion points: Fetches course data from the external VHS Berlin website (vhsit.berlin.de) and the Jina reader service in SKILL.md. \n- Boundary markers: No explicit delimiters or instructions are provided to ensure the agent ignores instructions embedded in the search results. \n- Capability inventory: The skill is authorized to use Bash, Read, and Write tools, allowing for command execution and file system modifications. \n- Sanitization: No sanitization or validation of the external content is described before it is presented to the user or stored. \n- [COMMAND_EXECUTION]: The skill executes local commands using the 'bun' runtime. It dynamically resolves the 'bun' executable path and runs a search script (search.ts) with parameters derived from user queries. \n- [EXTERNAL_DOWNLOADS]: The skill performs network requests to external domains. It fetches data from vhsit.berlin.de and uses the Jina reader service as a fallback for content extraction.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 09:07 AM
Security Audit — agent-trust-hub — vhs-search