google-web-search

Warn

Audited by Socket on Mar 1, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is a straightforward Google Custom Search wrapper: its declared capabilities (web search + optional image results) align with the described behavior. There is no code or instructions in the provided fragment that indicate download-and-execute chains, credential harvesting, obfuscated payloads, or explicit malicious behavior. Primary risks are standard privacy and operational concerns: forwarding arbitrary user queries (which might contain secrets) to an external search API, lack of explicit guidance about required API credentials and secure storage, and potential indirect prompt-injection risks from processing untrusted web content. Overall, the fragment appears functionally coherent and not malicious, but implementers should (1) require and document secure storage and limited-scope API credentials, (2) clearly state that users must not include secrets in queries, (3) verify that requests are made directly to Google's official endpoints (no proxy/interceptor), and (4) consider filtering or redacting sensitive data from returned results before including citations.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Mar 1, 2026, 01:11 AM
Package URL: pkg:socket/skills-sh/aws-samples%2Fsample-strands-agent-with-agentcore%2Fgoogle-web-search%2F@e9d2c5d9084294a9c8237a1eaf9c3dc6fedcc705