search
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary function is to fetch and process data from untrusted external sources, creating a risk of indirect prompt injection.
  - Ingestion points: Commands such as `casedev search webfetch`, `casedev search web`, and `casedev search legal` ingest external content from the web and legal databases into the agent's context.
  - Boundary markers: The documentation lacks delimiters or explicit instructions for the agent to ignore any commands or instructions found within the fetched external data.
  - Capability inventory: The skill provides access to network resources (via `webfetch`) and internal documents (via `vault search`), which could be targeted by injected instructions.
  - Sanitization: No mechanisms for sanitizing or filtering the ingested external content are mentioned.
- Command Execution (SAFE): The skill utilizes a custom CLI (`casedev`) for search operations. The documented command patterns are structured for data retrieval and do not contain shell injection, arbitrary command execution, or privilege escalation patterns.
Audit Metadata