web-search
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute specific local scripts located in the user's home directory (~/clawd/skills/tavily/scripts/tavily.shand~/clawd/skills/firecrawl/scripts/firecrawl.sh) to perform searches and data extraction. - [PROMPT_INJECTION]: The skill's core functionality involves fetching untrusted content from the public internet, creating a surface for indirect prompt injection attacks.
- Ingestion points: Data enters the agent's context through
WebFetchresults and the output of search/scrape scripts. - Boundary markers: The skill instructions lack explicit delimiters or warnings to the agent to ignore instructions embedded within the fetched web content.
- Capability inventory: The skill possesses the capability to execute shell commands (via
Bash) and perform network requests. - Sanitization: There is no mention of sanitization, filtering, or validation of the retrieved content before it is processed by the agent.
Audit Metadata