familysearch
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The
authcommand inscripts/familysearch.pyallows passing a username and password via CLI flags (-u,-p). This practice is insecure as it can expose sensitive credentials in the system's process list or shell history. The script does offer a secure interactive prompt as the default method. - [COMMAND_EXECUTION]: The
_search_via_curlfunction executes the systemcurlbinary usingsubprocess.run. While the use of an argument list prevents shell injection, executing external binaries creates a dependency on the underlying system's environment and security. - [EXTERNAL_DOWNLOADS]: The skill fetches data and artifacts from
familysearch.organdident.familysearch.org. It also recommends the installation of thegetmyancestorspackage. These sources are well-known and reputable services for family history research. - [PROMPT_INJECTION]: The
KNOWN_BUGS.mdfile contains instructions specifically for the AI agent to update the table upon encountering errors. This is a functional meta-instruction that guides agent behavior based on tool output. - [INDIRECT_PROMPT_INJECTION]: The skill processes genealogical data, memories, and sources retrieved from an external API.
- Ingestion points: Data enters the system through API responses from FamilySearch via
httpxandcurlcalls. - Boundary markers: No explicit delimiters or instructions are used to separate user data from the agent's instructions.
- Capability inventory: The script can write files to the local filesystem and execute the
curlcommand. - Sanitization: The script uses standard URL encoding for API parameters but does not perform secondary sanitization of the content returned from the API before it is processed by the agent.
Audit Metadata