byted-web-search
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves and processes untrusted data from the open web to provide search results to the agent.
- Ingestion points: Data enters the context via
WebResults(Title, SiteName, Snippet, Summary) andImageResults(Title, SiteName) fetched from the Volcengine API inscripts/web_search.py. - Boundary markers: Absent. The
format_outputfunction inscripts/web_search.pyformats results as plain text without using delimiters or instructions to ignore embedded commands. - Capability inventory: The script has network access (via
requests.post) and the ability to read local configuration files. - Sanitization: None detected. The script performs basic string formatting and truncation but does not escape or sanitize content fetched from external websites.
- [EXTERNAL_DOWNLOADS]: The skill depends on the
requestslibrary and optionally theveadk-pythonpackage for IAM credential management. - Evidence:
_require_requestsfunction inscripts/web_search.pychecks for the library;references/docs-index.mdandreferences/setup-guide.mdpoint to official vendor repositories on GitHub and PyPI. - [COMMAND_EXECUTION]: The script uses
shlex.splitwhen parsing a local environment file (/root/.openclaw/.env) to safely handle shell-style syntax in configuration values, which is a defensive measure.
Audit Metadata