skills/skill-zero/s/web-search/Gen Agent Trust Hub

web-search

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains instructions to run curl -fsSL https://cli.inference.sh | sh. This pattern downloads and executes code from a non-trusted domain directly in the shell, which can lead to full system compromise.
  • [COMMAND_EXECUTION] (HIGH): The skill's metadata allows unrestricted use of the Bash tool with the infsh prefix, which facilitates the execution of the downloaded remote CLI without further verification.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
      1. Ingestion points: Web content retrieved via Tavily and Exa.
      2. Boundary markers: Absent in the workflow examples.
      3. Capability inventory: Includes system command execution and LLM piping.
      4. Sanitization: No sanitization or escaping of external content is performed before passing it to LLM prompts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 18, 2026, 04:34 AM