seti
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill fetches untrusted web content through search snippets and full-page scrapes. This content could potentially contain instructions intended to influence the agent's behavior.
- Ingestion points: Data enters the agent's context through the
web_searchandenrich_contenttools. - Boundary markers: Output is formatted using the TOON protocol to distinguish tool results, though explicit instructions to ignore embedded commands are not present in the skill text.
- Capability inventory: The skill possesses network communication capabilities and file system access for configuration and usage tracking.
- Sanitization: The skill relies on formatting and Jina Reader for content processing; no specific prompt-level sanitization for adversarial instructions is documented.
- [DATA_EXPOSURE]: The skill manages optional API keys for various search providers and tracks usage statistics in a local configuration directory (
~/.config/seti/usage.json). These are standard operational procedures for a local-first search utility. - [EXTERNAL_DOWNLOADS]: The setup process (
seti setup) facilitates the installation of the SearXNG backend using Docker or theuvPython tool manager. These operations involve downloading legitimate software images and packages from official registries.
Audit Metadata