linkfox-ai-mode-google-search
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions in
SKILL.mdrecommend downloading an onboarding skill from the vendor's infrastructure athttps://agent-files.linkfox.com/skills/linkfox-onboarding/release.zipif the API key is not configured. This is a mechanism for distributing additional tooling provided by the vendor. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves AI-generated summaries from Google search results which are then ingested into the agent's context.
- Ingestion points: Untrusted data from the web enters the agent's context through the
stdoutresponse field fetched byscripts/google_ai_search.py. - Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to ignore instructions embedded in the search results.
- Capability inventory: The agent is instructed to summarize the output directly and use it to form follow-up queries, providing a path for malicious instructions in search results to influence future tool calls.
- Sanitization: No validation or filtering is performed on the incoming Markdown content before it is processed by the agent.
Audit Metadata