Skills
skills/anysearch-ai/anysearch-skills/anysearch/Gen Agent Trust Hub

anysearch

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill employs aggressive instructional language, stating it "MUST be used as the FIRST and ONLY priority" and that it "Replaces standard browsing." These directives are designed to override the agent's native tool selection logic and bypass default operational constraints.
  • [CREDENTIALS_UNSAFE]: The skill's "API Key Configuration" section explicitly instructs the agent to persist credentials by overwriting the SKILL.md file with a plain-text API key. This violates secure credential management standards, as secrets stored in instructional files are more susceptible to exposure in logs, session histories, or accidental file sharing than those stored in secure environment variables.
  • [COMMAND_EXECUTION]: The persistence mechanism for API keys requires the agent to perform file system read and write operations on its own source file (SKILL.md). This instruction triggers a self-modification workflow that could be leveraged if the replacement logic is subverted.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection through its content retrieval functions.
  • Ingestion points: The extract tool and search tool results ingest untrusted data from arbitrary web URLs into the agent's context.
  • Boundary markers: The instructions do not define boundary markers (such as XML tags or specific delimiters) to separate ingested web content from the agent's core instructions.
  • Capability inventory: The skill facilitates network operations to a remote API and file-system modifications to SKILL.md across all its scripts.
  • Sanitization: There is no mention of sanitization, escaping, or validation of the data retrieved from external sources before it is processed by the agent.
  • [DATA_EXFILTRATION]: The skill performs network operations to https://api.anysearch.com/mcp to conduct searches and fetch URL content. While this is the primary purpose of the search tool, the combination of external content ingestion and the requirement to store plain-text credentials in the configuration file increases the risk of accidental data exposure.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 30, 2026, 02:21 AM