search-layer
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script scripts/fetch_thread.py programmatically accesses the sensitive local file ~/.git-credentials to extract authentication tokens for GitHub. Accessing system-level credential files is a significant security concern as it exposes user credentials.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to various well-known services to fulfill search and content retrieval requests. These include the GitHub API, Exa, Tavily, and Grok endpoints, as well as V2EX, Hacker News, and Reddit for community content.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It fetches and processes content from untrusted external sources like web pages and online discussions, then incorporates this data into LLM prompts for evaluation and decision-making.
  - Ingestion points: Data enters the system via scripts/fetch_thread.py, which fetches full threads and pages from the web.
  - Boundary markers: Boundary markers are inconsistently applied. While scripts/search.py uses tags to delimit queries, scripts/relevance_gate.py and scripts/chain_tracker.py interpolate external text directly into prompts without robust isolation.
  - Capability inventory: The skill possesses network fetch capabilities across its main scripts (scripts/search.py, scripts/fetch_thread.py, scripts/chain_tracker.py).
  - Sanitization: Content processing involves HTML tag removal and length truncation, but does not include sanitization for embedded malicious instructions before LLM processing.
Recommendations
- AI detected serious security threats
Audit Metadata