gs-advanced-search
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.\n
- Ingestion points: Untrusted content enters the agent context via user-provided search criteria in the $ARGUMENTS variable and the search results scraped from scholar.google.com.\n
- Boundary markers: There are no explicit markers or instructions defined to isolate the scraped content or prevent the agent from following instructions embedded within the search results.\n
- Capability inventory: The skill utilizes navigate_page to access external URLs and evaluate_script to execute data-extraction logic in the browser context.\n
- Sanitization: No sanitization or validation logic is present to filter the content extracted from the webpage before it is returned to the agent.\n- [EXTERNAL_DOWNLOADS]: The skill initiates network requests to scholar.google.com. This is a well-known and trusted academic service, and the navigation is consistent with the skill's stated purpose of performing research searches.
Audit Metadata