web-search-fallback
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Integration code in `INTEGRATION.md` performs unsafe shell interpolation of user-provided search queries into commands (e.g., `python3 lib/web_search_fallback.py "$search_query"`). This allows for command injection if the query contains shell metacharacters such as backticks or dollar-parenthesis expressions.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill integration guide references and executes local scripts (`lib/web_search_fallback.py`, `lib/web_search_fallback.sh`) that are not included in the provided skill payload, making the executed logic unverifiable and potentially malicious.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected.
  - Ingestion points: Untrusted web search results retrieved from external sources like DuckDuckGo or Searx via the fallback scripts.
  - Boundary markers: Absent. The search results are directly interpolated into agent context.
  - Capability inventory: Shell command execution and general-purpose agent delegation.
  - Sanitization: No validation or escaping of external content before processing.
Recommendations
- AI detected serious security threats
Audit Metadata