web-search
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The script depends on the z-ai-web-dev-sdk package, which is not from a trusted source. Automated scans flagged a malicious URL associated with the project environment, suggesting a potential risk in the software supply chain.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from web search results.
  (1) Ingestion points: External web content is retrieved via the web_search function in scripts/web_search.ts.
  (2) Boundary markers: No delimiters or isolation instructions are present in the processing logic.
  (3) Capability inventory: The current script is limited to logging output to the console.
  (4) Sanitization: No input filtering or content sanitization is performed.
  (5) Risk: The lack of sanitization allows potentially malicious content to enter the agent's context, though the impact is limited by the script's low privilege level.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata