google-search
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the
chromuxCLI tool usingnode:child_process.execFileSync. This implementation is safe as it avoids shell-based command injection by passing arguments as an array rather than a single string. It is used to launch the browser and execute JavaScript for data extraction within the browser context. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it retrieves and processes untrusted text from the public web.
- Ingestion points: The
vendor/web-search.mjsscript fetches search results and full page content (body text and comments) from arbitrary external websites. - Boundary markers: The output formatting provided to the agent does not use specific delimiters or protective instructions to help the model distinguish between tool-provided data and embedded malicious instructions.
- Capability inventory: The skill has the ability to run shell commands (via
chromux) and perform network operations (via the browser). All subprocess calls are confined to thechromuxbinary withinvendor/web-search.mjs. - Sanitization: The script performs basic data cleanup, such as removing extra whitespace and limiting string length, but it does not filter for potential prompt injection patterns in the scraped content.
Audit Metadata