
web-search

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it facilitates workflows that ingest untrusted content from the web and process it through LLMs without explicit sanitization.
  • Ingestion points: External web content is fetched using the tavily/extract and exa/extract apps via the infsh CLI tool.
  • Boundary markers: The workflow examples in SKILL.md interpolate search and extraction results directly into LLM prompts using simple placeholders such as <search-results> and <content>, with no robust delimiters separating untrusted content from instructions and no defensive instructions telling the model to treat that content as data.
  • Capability inventory: The skill is authorized to use the infsh command to execute search, extraction, and inference tasks.
  • Sanitization: There is no evidence of validation or sanitization of the retrieved web content before it is processed by downstream AI models.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 09:25 AM
Security Audit — agent-trust-hub — web-search