ultimate-search
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on several Shell scripts (
grok-search.sh,tavily-search.sh,web-fetch.sh, etc.) for its core functionality. These scripts are executed by the agent via Bash. User-supplied queries are passed to these scripts and generally handled safely usingjqto build JSON payloads for API requests. - [EXTERNAL_DOWNLOADS]: The
docker-compose.ymlandsetup.shscripts pull and run container images from GitHub Container Registry (ghcr.io) for third-party services includinggrok2api,TavilyProxyManager, andflaresolverr. - [CREDENTIALS_UNSAFE]: The skill is designed to manage and automate the import of sensitive credentials, including Grok SSO session tokens (JWTs) and Tavily/FireCrawl API keys. The
import-keys.shscript processes these from a local file (export_sso.txt) and environment variables, sending them to the locally-hosted proxy services. - [INDIRECT_PROMPT_INJECTION]: As a web search and scraping tool, the skill has a significant attack surface for indirect prompt injection via search results or scraped web content.
- Ingestion points:
grok-search.sh,tavily-search.sh, andweb-fetch.shingest data from external web sources into the agent's context. - Boundary markers: The
SKILL.mdprovides explicit instructions for the agent to treat search results as untrusted third-party suggestions and mandates cross-verification from multiple independent sources. - Capability inventory: The skill allows the agent to execute subprocesses (Shell scripts) and perform network operations via
curlthrough the local proxy services. - Sanitization: Content is fetched primarily in Markdown format; however, no specific sanitization logic is implemented to strip potential injection vectors from the fetched text before it is processed by the agent.
Audit Metadata