native-web-search
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly performs live internet searches and ingests web results (SKILL.md: "search the internet for the requested topic") and the script (search.mjs — runCodexSearch and runAnthropicSearch) passes a web_search tool and builds prompts that require the model to read and summarize third-party web pages and include full canonical URLs, exposing the agent to untrusted public content that could carry indirect prompt injections.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata