search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script 'scripts/search.sh' is vulnerable to arbitrary command execution. Evidence: The variable 'CURSOR' is used directly inside a bash arithmetic expansion: 'START=$((CURSOR * 10))'. An attacker can provide a payload like 'a[$(id)]0' to execute commands.
- [PROMPT_INJECTION] (MEDIUM): The skill fetches and processes external search results from Google via Bright Data, which may contain malicious instructions for the agent.
  1. Ingestion points: Results from 'api.brightdata.com' in 'scripts/search.sh'.
  2. Boundary markers: No markers are used to delimit search results for the consuming agent.
  3. Capability inventory: The script uses 'curl' for network access and 'jq' for processing.
  4. Sanitization: Data is structured as JSON via 'jq', but the text content is not sanitized for prompt injection.
- [DATA_EXFILTRATION] (LOW): The skill sends the search query and the 'BRIGHTDATA_API_KEY' to a third-party service. Evidence: 'curl' POST request to 'api.brightdata.com'. This is the intended function but involves sharing sensitive API keys with the service provider via the Authorization header.
Recommendations
- AI detected serious security threats
Audit Metadata