web-search-plus
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to well-known search providers including Serper, Tavily, Exa, Perplexity, and You.com. These network operations are necessary for the skill's primary function and target established, safe services.\n- [SAFE]: The skill demonstrates strong security maturity by implementing SSRF protection in both the configuration script (scripts/setup.py) and the search utility (scripts/search.py). It validates hostnames and blocks connections to private IP address ranges and cloud metadata endpoints when interacting with user-configured SearXNG instances.\n- [DATA_EXFILTRATION]: API keys and configuration settings are handled using standard practices, such as local environment variables and gitignored configuration files. No unauthorized data exfiltration or hardcoded credentials were observed.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted web content from search results.\n
- Ingestion points: Search snippets and AI-synthesized answers from various provider APIs in scripts/search.py.\n
- Boundary markers: Not explicitly implemented in the returned JSON data structure.\n
- Capability inventory: Network communication for searches and local file writes for caching.\n
- Sanitization: Data is parsed as JSON but the content of text fields is not filtered for potential instructions.
Audit Metadata