search-config
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (SAFE): The skill does not contain hardcoded credentials or network operations. Documentation in
SKILL.mdcorrectly advises the use of environment variables (process.env.ELASTICSEARCH_URL,process.env.TYPESENSE_API_KEY) for backend authentication. - [REMOTE_CODE_EXECUTION] (SAFE): No remote script downloads or execution patterns (e.g.,
curl | bash) were found. The code uses a static relative import for its internal search module. - [COMMAND_EXECUTION] (SAFE): The CLI handler in
index.tsstrictly parses commands and does not invoke shell processes or arbitrary system commands. - [PROMPT_INJECTION] (SAFE): The skill instructions are focused on configuration and do not contain directives to bypass AI safety filters or override agent behavior.
- [DYNAMIC_EXECUTION] (LOW): The skill uses
await import('../../../search/index')inindex.tsto load the search module. While dynamic imports can be misused, this instance uses a hardcoded relative path to a local dependency, which is common in modular agent architectures.
Audit Metadata