search-web

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted web content through search results and fetches, creating an inherent surface for indirect prompt injection.
  • Ingestion points: Web content is ingested via the WebFetch tool within sub-agent prompts (Step 3.2).
  • Boundary markers: The instructions do not define specific boundary markers or 'ignore embedded instructions' prompts for handling the fetched web data.
  • Capability inventory: The skill can create sub-agents, tasks, and teams, and write/read files within the /tmp/search-web/ directory.
  • Sanitization: No explicit sanitization or filtering of external content is described before the evaluator sub-agent processes the data.
  • [COMMAND_EXECUTION]: Uses shell commands (mkdir -p) to create and manage the session directory structure in /tmp/search-web/ for storing task logs, evaluator reports, and final research outputs.
  • [COMMAND_EXECUTION]: Dynamically spawns and orchestrates multiple sub-agents (search-agent, search-evaluator, query-optimizer) with specific, task-oriented prompts to execute parallelized research workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:05 PM
Security Audit — agent-trust-hub — search-web