search-web
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted web content through search results and fetches, creating an inherent surface for indirect prompt injection.
- Ingestion points: Web content is ingested via the
WebFetchtool within sub-agent prompts (Step 3.2). - Boundary markers: The instructions do not define specific boundary markers or 'ignore embedded instructions' prompts for handling the fetched web data.
- Capability inventory: The skill can create sub-agents, tasks, and teams, and write/read files within the
/tmp/search-web/directory. - Sanitization: No explicit sanitization or filtering of external content is described before the evaluator sub-agent processes the data.
- [COMMAND_EXECUTION]: Uses shell commands (
mkdir -p) to create and manage the session directory structure in/tmp/search-web/for storing task logs, evaluator reports, and final research outputs. - [COMMAND_EXECUTION]: Dynamically spawns and orchestrates multiple sub-agents (
search-agent,search-evaluator,query-optimizer) with specific, task-oriented prompts to execute parallelized research workflows.
Audit Metadata