Skills
skills/aaaaqwq/claude-code-skills/web-search/Gen Agent Trust Hub

web-search

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local scripts (tavily.sh, firecrawl.sh) with parameters derived from user input (search queries and URLs). While this is the intended functionality of the skill, it relies on the underlying shell scripts to safely handle and sanitize these arguments to prevent command injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it fetches and processes arbitrary content from the public web.
  • Ingestion points: Untrusted data enters the agent context via WebFetch, Tavily search results, and Firecrawl scrapes (SKILL.md).
  • Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious directions embedded within the fetched web content.
  • Capability inventory: The skill has access to the Bash tool, allowing it to execute local scripts and potentially interact with the file system or network based on instructions received.
  • Sanitization: There are no documented sanitization or validation steps for the content retrieved from external URLs before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 03:35 PM