groksearch
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is highly vulnerable to indirect prompt injection because it ingests and summarizes untrusted external data from X and the web.
  - Ingestion points: Search results retrieved from Grok's x_search and web_search tools.
  - Boundary markers: None detected in the provided skill instructions; the agent may not be able to distinguish between search results and system instructions.
  - Capability inventory: The results are summarized for the agent, potentially influencing subsequent reasoning or actions.
  - Sanitization: No sanitization or filtering logic is described for the ingested content.
- COMMAND_EXECUTION (LOW): The skill requires the execution of a local Python script via uv run. While the path is specific to the skill directory, it represents a local command execution surface.
- CREDENTIALS_UNSAFE (LOW): The skill manages API keys via a local .env file at ~/.config/groksearch/.env. While the installation instructions recommend safe permissions (600), the storage of secrets in plaintext on the filesystem is a standard but noteworthy risk.