Skills
skills/vm0-ai/vm0-skills/serpapi/Gen Agent Trust Hub

serpapi

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the SerpApi official endpoint at serpapi.com to retrieve search engine data.
  • [COMMAND_EXECUTION]: Executes system commands such as curl to perform network operations and jq to process and filter JSON data.
  • [DATA_EXFILTRATION]: Passes the authentication secret (SERPAPI_TOKEN) as a query parameter in requests sent to the SerpApi service.
  • [PROMPT_INJECTION]: The skill handles untrusted external data from search results, presenting a surface for indirect prompt injection.
  • Ingestion points: Ingests data from external search results via SerpApi as documented in SKILL.md.
  • Boundary markers: No specific delimiters or instructions are provided to help the agent differentiate between search data and system instructions.
  • Capability inventory: The skill allows network requests via curl and JSON processing via jq.
  • Sanitization: There is no evidence of content sanitization or validation for the data retrieved from the search engines.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 03:43 PM