serper
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Python script located at scripts/search.py to manage search requests and web scraping logic.
- [EXTERNAL_DOWNLOADS]: The skill relies on the trafilatura library for web content extraction, which is a standard and well-known Python package.
- [DATA_EXFILTRATION]: The skill sends search queries and the Serper API key to google.serper.dev. This behavior is documented as the core functionality for retrieving search results and is not considered malicious.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. 1. Ingestion points: Full page content is fetched from arbitrary URLs returned by Serper and processed in scripts/search.py. 2. Boundary markers: The output is structured as a JSON array to differentiate data from instructions. 3. Capability inventory: The skill can execute python and perform network requests to any search result. 4. Sanitization: Content is cleaned of HTML tags via trafilatura, though it is not filtered for natural language instructions.
- [SAFE]: No evidence of obfuscation, persistence, privilege escalation, or unauthorized access to sensitive local files was found in the provided source code.
Audit Metadata