web-search-api

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill dynamically fetches a list of active SearXNG instances from the well-known directory https://searx.space/data/instances.json to facilitate instance discovery.
  • [COMMAND_EXECUTION]: Documentation provides example shell commands using curl and jq to query search APIs and extract structured data.
  • [PROMPT_INJECTION]: Includes a dedicated agent prompt section that instructs the AI on how to interact with the search service, rotate between instances, and handle query failures.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
      • Ingestion points: Search results containing untrusted external content are ingested via fetch calls to SearXNG instances defined in SKILL.md.
      • Boundary markers: Absent. The skill does not provide delimiters or instructions to the AI to ignore instructions potentially embedded within search results.
      • Capability inventory: The skill utilizes network access via fetch and curl for API interactions.
      • Sanitization: No sanitization or filtering is performed on the content field returned from search engines.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 04:36 AM