byted-deepsearch

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It retrieves data from external websites via the byted-web-search dependency and stores it in the findings array. This untrusted data is then used as context for the LLM to determine the nextSearchTopic. An attacker could place malicious instructions on a webpage to hijack the search trajectory or influence subsequent analysis.
    • Ingestion points: findings array (SKILL.md)
    • Boundary markers: Absent
    • Capability inventory: Command execution via python scripts/web_search.py (SKILL.md)
    • Sanitization: Absent
  • [COMMAND_EXECUTION]: The workflow executes a Python script using a variable derived from LLM output: python scripts/web_search.py "<nextSearchTopic>". Because nextSearchTopic is generated based on a combination of user queries and external search results, it could be manipulated to include shell injection characters (e.g., semicolons, backticks) if the execution environment does not properly escape the input.
  • [NO_CODE]: The skill package contains no executable scripts or binaries; it consists entirely of workflow descriptions and licensing information. All execution logic is delegated to the host platform and external dependencies.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 11:47 PM