web-search
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local shell scripts (tavily.sh and firecrawl.sh) with user-provided arguments like search queries and URLs. This creates a risk of command injection if the agent does not properly escape or quote these inputs, potentially allowing attackers to execute arbitrary commands by including shell metacharacters such as semicolons, pipes, or backticks in the input.
- [PROMPT_INJECTION]: The skill fetches and processes untrusted content from the internet, which is a vector for indirect prompt injection.
  - Ingestion points: Untrusted data is ingested via search results and webpage scraping from WebFetch, Tavily, and Firecrawl.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external content as untrusted, increasing the risk that it might follow malicious instructions found on a webpage.
  - Capability inventory: The agent has access to the Bash shell and network tools, which could be exploited if a malicious instruction is processed.
  - Sanitization: No mechanism for sanitizing or filtering the retrieved web content is described.