skills/team2027/skills/search/Gen Agent Trust Hub

search

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted web search results which can contain malicious instructions, creating an indirect prompt injection surface.
  • Ingestion points: Search results (titles, URLs, and metadata) from the Browserbase Search API are ingested into the agent's context as shown in SKILL.md and EXAMPLES.md.
  • Boundary markers: The skill's "Safety Notes" advise the agent to treat results as untrusted, but it provides no technical delimiters (for example XML tags or other fixed markers) that would let the agent programmatically separate external data from its own instructions; the separation relies entirely on the model following the advice.
  • Capability inventory: The skill declares allowed-tools: Bash, and its examples use curl, jq, sed, and shell redirection, so the agent has both network access and file-system write access while handling search results.
  • Sanitization: No explicit sanitization or validation logic filters search results before they are interpolated into shell commands or passed on for further prompt processing.
  • [COMMAND_EXECUTION]: Example scripts in EXAMPLES.md demonstrate patterns where untrusted data is interpolated into shell commands.
  • Evidence: Example 5 in EXAMPLES.md iterates over search result URLs in a while loop and splices each URL directly into the curl and sed commands it constructs. A URL containing shell meta-characters or command-substitution syntax such as $(...) or backticks would be parsed as part of the command rather than as data, so a search provider (or a site whose link the provider returns) could trigger unintended command execution during filename generation or the API request. The safe pattern is to validate each URL against an allowlist before use and to pass it to curl and sed only as a quoted argument, never inside a string that a shell parses a second time.
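The pattern behind the COMMAND_EXECUTION finding, shown as an added example rather than code from the audited skill's EXAMPLES.md: a search-result URL spliced into a command string that a shell re-parses, next to a hardened loop that allowlists the URL and keeps it as data. The two URLs are constructed for the demo, the jq command named in the comment is an assumption about how such a loop would be fed in practice, and the hostile URL's subshell only echoes a marker, so running the file is harmless.

```shell
#!/usr/bin/env bash
# Added example, not code from the "search" skill being audited.
# Constructed stand-in for the output of a command such as:
#   jq -r '.results[].url' results.json          (assumed, not from the skill)
RESULT_URLS='https://example.com/docs/page.html
https://evil.example/$(echo INJECTED)/x.html'

# VULNERABLE: the URL is pasted into a command string that a second shell
# parses, so $(...) carried inside the data runs as code.  The marker proves
# execution happened: the output contains INJECTED but no trace of "echo".
unsafe_filename() {
  sh -c "echo $1 | sed 's/[^A-Za-z0-9._-]/_/g'"
}

# HARDENED step 1: accept only URLs built from a conservative character
# allowlist before they reach curl, sed, or a filename.  Exit status is the
# verdict (0 = accepted).
validate_url() {
  printf '%s' "$1" | grep -Eq '^https?://[A-Za-z0-9.-]+(:[0-9]+)?(/[A-Za-z0-9._~%/?&=+-]*)?$'
}

# HARDENED step 2: derive the filename without re-parsing the URL through a
# shell.  The URL travels as a quoted argument and every character outside
# the allowlist becomes '_', so a payload stays inert text.
safe_filename() {
  printf '%s' "$1" | sed 's/[^A-Za-z0-9._-]/_/g'
}

# HARDENED step 3: the URL reaches curl only as a quoted argument.
# --proto '=https' pins the scheme, --max-redirs 0 refuses to follow
# redirects to hosts we never validated, and "--" stops a URL that starts
# with '-' from being read as an option.  Not called unless SEARCH_DEMO_FETCH=1,
# so the demo stays offline.
fetch_result() {
  curl -fsS --proto '=https' --max-redirs 0 -o "$(safe_filename "$1")" -- "$1"
}

# Drive the constructed results through the hardened path and report counts.
process_results() {
  accepted=0
  rejected=0
  while IFS= read -r url; do
    if validate_url "$url"; then
      accepted=$((accepted + 1))
      printf 'ok   %s -> %s\n' "$url" "$(safe_filename "$url")"
      if [ "${SEARCH_DEMO_FETCH:-0}" = 1 ]; then
        fetch_result "$url"
      fi
    else
      rejected=$((rejected + 1))
      printf 'drop %s\n' "$url" >&2
    fi
  done <<EOF
$RESULT_URLS
EOF
  printf '%s accepted, %s rejected\n' "$accepted" "$rejected"
}

process_results
```

Run it as-is to see the hostile URL dropped and the benign one mapped to a safe filename; compare `unsafe_filename` and `safe_filename` on the hostile URL to see the difference between executing the payload and merely escaping it. The allowlist regex in validate_url is deliberately strict; widen it only for characters the skill actually needs, and keep rejecting `$`, backticks, quotes, whitespace and newlines, which are what turn data into commands in the pattern the audit describes.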
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:05 AM
Security Audit — agent-trust-hub — search