ito-search

Fail

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: CRITICAL (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Employs the gh command-line tool to query GitHub for issues, pull requests, and release information.
  • [EXTERNAL_DOWNLOADS]: Fetches data from external web sources using tools such as exa, WebSearch, and WebFetch to satisfy user queries.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of ingesting untrusted content from the internet.
      • Ingestion points: External content retrieved through exa, WebFetch, and documentation tools.
      • Boundary markers: None; the skill instructions do not specify the use of delimiters or 'ignore instructions' warnings for search results.
      • Capability inventory: Uses GitHub CLI and MCP tools; however, the instructions explicitly prohibit codebase modifications.
      • Sanitization: Implements a domain-based filtering mechanism (references/source-filter.md) that blacklists untrusted or malicious domains, including isolution.pro and chat-gpt.com.
Recommendations
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: May 13, 2026, 06:48 AM