byted-byteplus-infoquest-search
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by using environment variables (INFOQUEST_API_KEY) for authentication instead of hardcoding secrets.
- [EXTERNAL_DOWNLOADS]: Network requests are restricted to official vendor domains (infoquest.bytepluses.com) using the standard requests library.
- [PROMPT_INJECTION]: The skill processes untrusted content from the web, creating a potential surface for indirect prompt injection.
- Ingestion points: External content is fetched in scripts/extract.py and scripts/search.py.
- Boundary markers: No markers are used to delimit external content.
- Capability inventory: The skill lacks dangerous capabilities like local file writing or arbitrary command execution, mitigating the impact of potential injections.
- Sanitization: Content is returned as raw text without filtering for instruction-like patterns.
Audit Metadata