skills/skills-shell/skills/web-search/Gen Agent Trust Hub

web-search

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by retrieving data from external websites and piping it into LLM prompts. Malicious content on a web page could potentially influence the agent's behavior.
  • Ingestion points: Data enters the agent context through the tavily/extract, exa/extract, and tavily/search-assistant tools which read external URLs and search results.
  • Boundary markers: The skill documentation suggests using simple placeholders like <search-results> and <content>, but does not provide robust boundary markers or instructions to ignore embedded commands within the fetched data.
  • Capability inventory: The skill uses the Bash tool and the belt CLI to execute remote search and extraction tasks.
  • Sanitization: There is no evidence of sanitization or filtering of the extracted web content before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to download and install the belt CLI using npx skills add belt-sh/cli and references installation scripts hosted on GitHub.
  • [COMMAND_EXECUTION]: The skill extensively uses the belt command-line tool via the Bash tool to perform searches, extract data, and run remote applications on the inference.sh platform.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 07:03 PM